path: root/data/CVE/2009.list
blob: 8046bf96c94e5f7f81740bf0c34764154f8aadd8
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
8579
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
8605
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
8741
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
8818
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
8975
8976
8977
8978
8979
8980
8981
8982
8983
8984
8985
8986
8987
8988
8989
8990
8991
8992
8993
8994
8995
8996
8997
8998
8999
9000
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
10104
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
10481
10482
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
10684
10685
10686
10687
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
10744
10745
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
10773
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
11001
11002
11003
11004
11005
11006
11007
11008
11009
11010
11011
11012
11013
11014
11015
11016
11017
11018
11019
11020
11021
11022
11023
11024
11025
11026
11027
11028
11029
11030
11031
11032
11033
11034
11035
11036
11037
11038
11039
11040
11041
11042
11043
11044
11045
11046
11047
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
11080
11081
11082
11083
11084
11085
11086
11087
11088
11089
11090
11091
11092
11093
11094
11095
11096
11097
11098
11099
11100
11101
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
11127
11128
11129
11130
11131
11132
11133
11134
11135
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
11155
11156
11157
11158
11159
11160
11161
11162
11163
11164
11165
11166
11167
11168
11169
11170
11171
11172
11173
11174
11175
11176
11177
11178
11179
11180
11181
11182
11183
11184
11185
11186
11187
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
11212
11213
11214
11215
11216
11217
11218
11219
11220
11221
11222
11223
11224
11225
11226
11227
11228
11229
11230
11231
11232
11233
11234
11235
11236
11237
11238
11239
11240
11241
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
11293
11294
11295
11296
11297
11298
11299
11300
11301
11302
11303
11304
11305
11306
11307
11308
11309
11310
11311
11312
11313
11314
11315
11316
11317
11318
11319
11320
11321
11322
11323
11324
11325
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
11350
11351
11352
11353
11354
11355
11356
11357
11358
11359
11360
11361
11362
11363
11364
11365
11366
11367
11368
11369
11370
11371
11372
11373
11374
11375
11376
11377
11378
11379
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
11400
11401
11402
11403
11404
11405
11406
11407
11408
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
11428
11429
11430
11431
11432
11433
11434
11435
11436
11437
11438
11439
11440
11441
11442
11443
11444
11445
11446
11447
11448
11449
11450
11451
11452
11453
11454
11455
11456
11457
11458
11459
11460
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
11485
11486
11487
11488
11489
11490
11491
11492
11493
11494
11495
11496
11497
11498
11499
11500
11501
11502
11503
11504
11505
11506
11507
11508
11509
11510
11511
11512
11513
11514
11515
11516
11517
11518
11519
11520
11521
11522
11523
11524
11525
11526
11527
11528
11529
11530
11531
11532
11533
11534
11535
11536
11537
11538
11539
11540
11541
11542
11543
11544
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
11568
11569
11570
11571
11572
11573
11574
11575
11576
11577
11578
11579
11580
11581
11582
11583
11584
11585
11586
11587
11588
11589
11590
11591
11592
11593
11594
11595
11596
11597
11598
11599
11600
11601
11602
11603
11604
11605
11606
11607
11608
11609
11610
11611
11612
11613
11614
11615
11616
11617
11618
11619
11620
11621
11622
11623
11624
11625
11626
11627
11628
11629
11630
11631
11632
11633
11634
11635
11636
11637
11638
11639
11640
11641
11642
11643
11644
11645
11646
11647
11648
11649
11650
11651
11652
11653
11654
11655
11656
11657
11658
11659
11660
11661
11662
11663
11664
11665
11666
11667
11668
11669
11670
11671
11672
11673
11674
11675
11676
11677
11678
11679
11680
11681
11682
11683
11684
11685
11686
11687
11688
11689
11690
11691
11692
11693
11694
11695
11696
11697
11698
11699
11700
11701
11702
11703
11704
11705
11706
11707
11708
11709
11710
11711
11712
11713
11714
11715
11716
11717
11718
11719
11720
11721
11722
11723
11724
11725
11726
11727
11728
11729
11730
11731
11732
11733
11734
11735
11736
11737
11738
11739
11740
11741
11742
11743
11744
11745
11746
11747
11748
11749
11750
11751
11752
11753
11754
11755
11756
11757
11758
11759
11760
11761
11762
11763
11764
11765
11766
11767
11768
11769
11770
11771
11772
11773
11774
11775
11776
11777
11778
11779
11780
11781
11782
11783
11784
11785
11786
11787
11788
11789
11790
11791
11792
11793
11794
11795
11796
11797
11798
11799
11800
11801
11802
11803
11804
11805
11806
11807
11808
11809
11810
11811
11812
11813
11814
11815
11816
11817
11818
11819
11820
11821
11822
11823
11824
11825
11826
11827
11828
11829
11830
11831
11832
11833
11834
11835
11836
11837
11838
11839
11840
11841
11842
11843
11844
11845
11846
11847
11848
11849
11850
11851
11852
11853
11854
11855
11856
11857
11858
11859
11860
11861
11862
11863
11864
11865
11866
11867
11868
11869
11870
11871
11872
11873
11874
11875
11876
11877
11878
11879
11880
11881
11882
11883
11884
11885
11886
11887
11888
11889
11890
11891
11892
11893
11894
11895
11896
11897
11898
11899
11900
11901
11902
11903
11904
11905
11906
11907
11908
11909
11910
11911
11912
11913
11914
11915
11916
11917
11918
11919
11920
11921
11922
11923
11924
11925
11926
11927
11928
11929
11930
11931
11932
11933
11934
11935
11936
11937
11938
11939
11940
11941
11942
11943
11944
11945
11946
11947
11948
11949
11950
11951
11952
11953
11954
11955
11956
11957
11958
11959
11960
11961
11962
11963
11964
11965
11966
11967
11968
11969
11970
11971
11972
11973
11974
11975
11976
11977
11978
11979
11980
11981
11982
11983
11984
11985
11986
11987
11988
11989
11990
11991
11992
11993
11994
11995
11996
11997
11998
11999
12000
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
12045
12046
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
12097
12098
12099
12100
12101
12102
12103
12104
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
12162
12163
CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...)
	NOT-FOR-US: Invision Power Board
CVE-2009-5158 (The google-analyticator plugin before 5.2.1 for WordPress has insuffic ...)
	NOT-FOR-US: google-analyticator plugin for WordPress
CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...)
	NOT-FOR-US: Linksys
CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...)
	NOT-FOR-US: ASMAX AR-804gu 66.34.1 devices
CVE-2009-5155 (In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp i ...)
	[experimental] - gnulib 20180621~6979c25-1
	- gnulib 20140202+stable-3.2 (bug #924613)
	[stretch] - gnulib <no-dsa> (Minor issue)
	[jessie] - gnulib <no-dsa> (Minor issue)
	- glibc 2.28-1
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	NOTE: http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22793
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=32806
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34238
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=11053
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18986
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672
CVE-2009-5154 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is  ...)
	NOT-FOR-US: MOBOTIX
CVE-2009-5153 (In Novell NetWare before 6.5 SP8, a stack buffer overflow in processin ...)
	NOT-FOR-US: Novell NetWare
CVE-2009-5152 (Absolute Computrace Agent, as distributed on certain Dell Inspiron sys ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 executes code  ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a digital  ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2009-5149 (Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_10061 ...)
	NOT-FOR-US: Arris hardware
CVE-2009-5148
	RESERVED
CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 6 ...)
	{DLA-300-1 DLA-299-1}
	- ruby1.8 <removed>
	[wheezy] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
	- ruby2.0 <removed>
	- ruby2.1 <removed> (bug #796344)
	[jessie] - ruby2.1 2.1.5-2+deb8u3
	- ruby2.2 <not-affected> (Does not contain DL, cf note and corresponding CVE-2015-7551)
	NOTE: https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
	NOTE: Although the upstream commit is mentioned, the corresponding change does not
	NOTE: seem to be contained in e.g. latest 1.9.1 and 2.1. E.g.
	NOTE: https://sources.debian.org/src/ruby2.1/2.1.5-4/ext/dl/handle.c/#L120 does not
	NOTE: contain the change.
	NOTE: In https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
	NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
	NOTE: DL has been replaced in 2.2 with Fiddle which has the same problem according to maintainer.
CVE-2009-5146
	REJECTED
CVE-2009-5145 (Cross-site scripting (XSS) vulnerability in ZMI pages that use the man ...)
	- zope2.12 2.12.10-1
CVE-2009-5144 (mod-gnutls does not validate client certificates when "GnuTLSClientVer ...)
	- mod-gnutls 0.5.6-1 (bug #578663)
	NOTE: http://issues.outoforder.cc/view.php?id=93
CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) ac ...)
	NOT-FOR-US: GE Healthcare Discovery 530C
CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1 ...)
	NOT-FOR-US: TimThumb
CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 all ...)
	NOT-FOR-US: War FTP Daemon
CVE-2009-5140 (The SIP implementation on the Linksys SPA2102 phone adapter provides h ...)
	NOT-FOR-US: Linksys
CVE-2009-5139 (The SIP implementation on the Gizmo5 software phone provides hashed cr ...)
	NOT-FOR-US: Gizmo5
CVE-2009-5138 (GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag  ...)
	- gnutls26 2.7.12-1
	- gnutls28 <not-affected> (Only affects versions before 2.7.6)
	NOTE: Only affects versions prior to 2.7.6, fix: https://gitlab.com/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd
	NOTE: and the issue has different root than CVE-2014-1959
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1069301
CVE-2009-5137 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows r ...)
	NOT-FOR-US: CastRipper
CVE-2009-5136 (The policy definition evaluator in Condor before 7.4.2 does not proper ...)
	- condor <not-affected> (Fixed before initial upload)
CVE-2009-5135 (The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows  ...)
	NOT-FOR-US: Echo
CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in uTorre ...)
	NOT-FOR-US: uTorrent
CVE-2009-5133
	RESERVED
CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before 6 ...)
	NOT-FOR-US: Websense
CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not rec ...)
	NOT-FOR-US: Websense
CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote  ...)
	NOT-FOR-US: Websense
CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to  ...)
	NOT-FOR-US: Websense
CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to  ...)
	NOT-FOR-US: Websense
CVE-2009-5127 (The Antivirus component in Comodo Internet Security before 3.8.64739.4 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5126 (The Antivirus component in Comodo Internet Security before 3.8.65951.4 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers  ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5124 (The Antivirus component in Comodo Internet Security before 3.11.108364 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5123 (The Antivirus component in Comodo Internet Security before 3.11.108364 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5122 (The Personal Email Manager component in Websense Email Security before ...)
	NOT-FOR-US: Websense
CVE-2009-5121 (Websense Email Security 7.1 before Hotfix 4 allows remote attackers to ...)
	NOT-FOR-US: Websense
CVE-2009-5120 (The default configuration of Apache Tomcat in Websense Manager in Webs ...)
	NOT-FOR-US: Websense
CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in Webs ...)
	NOT-FOR-US: Websense
CVE-2009-5118 (Untrusted search path vulnerability in McAfee VirusScan Enterprise bef ...)
	NOT-FOR-US: McAfee
CVE-2009-5117 (The Web Post Protection feature in McAfee Host Data Loss Prevention (D ...)
	NOT-FOR-US: McAfee
CVE-2009-5116 (McAfee LinuxShield 1.5.1 and earlier does not properly implement clien ...)
	NOT-FOR-US: McAfee
CVE-2009-5115 (McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 ...)
	NOT-FOR-US: McAfee
CVE-2009-5114 (Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5113 (Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5112 (wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers  ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5111 (GoAhead WebServer allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2009-5110 (dhttpd allows remote attackers to cause a denial of service (daemon ou ...)
	- dhttpd <removed> (low; bug #533665)
	[squeeze] - dhttpd <no-dsa> (Minor issue)
	[lenny] - dhttpd <no-dsa> (Minor issue)
CVE-2009-5109 (Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remot ...)
	NOT-FOR-US: Mini-Stream Ripper
CVE-2009-5108
	REJECTED
CVE-2009-5107
	REJECTED
CVE-2009-5106
	REJECTED
CVE-2009-5105
	REJECTED
CVE-2009-5104
	REJECTED
CVE-2009-5103 (Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP  ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2009-5102 (SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 AS ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2009-5101 (Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSES ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5100 (Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5099 (Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI S ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5098 (The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not vie ...)
	NOT-FOR-US: Palm WebOS
CVE-2009-5097 (Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, ...)
	NOT-FOR-US: Palm WebOS
CVE-2009-5096 (Cross-site scripting (XSS) vulnerability in the Flag Content module 5. ...)
	NOT-FOR-US: Drupal module Flag Content
	NOTE: might get packaged
CVE-2009-5095 (PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0 ...)
	NOT-FOR-US: ea gBook
CVE-2009-5094 (SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate  ...)
	NOT-FOR-US: CMS Faethon
CVE-2009-5093 (Directory traversal vulnerability in gastbuch.php in Gästebuch (G ...)
	NOT-FOR-US: Gastebuch
CVE-2009-5092 (Cross-site scripting (XSS) vulnerability in the management interface i ...)
	NOT-FOR-US: Microsoft FAST ESP
CVE-2009-5091 (SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allo ...)
	NOT-FOR-US: Vlinks
CVE-2009-5090 (SQL injection vulnerability in editcomments.php in Bloggeruniverse Bet ...)
	NOT-FOR-US: Bloggeruniverse Beta 2
CVE-2009-5089 (Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0. ...)
	NOT-FOR-US: IdeaCart
CVE-2009-5088 (SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allow ...)
	NOT-FOR-US: IdeaCart
CVE-2009-5087 (Directory traversal vulnerability in geohttpserver in Geovision Digita ...)
	NOT-FOR-US: Geovision Digital Video Surveillance System
CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration Ma ...)
	NOT-FOR-US: Juniper IDP
CVE-2009-5085 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, whe ...)
	NOT-FOR-US: Tivoli
CVE-2009-5084 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, whe ...)
	NOT-FOR-US: Tivoli
CVE-2009-5083 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, whe ...)
	NOT-FOR-US: Tivoli
CVE-2009-5082 (The (1) configure and (2) config.guess scripts in GNU troff (aka groff ...)
	- groff 1.20.1-5 (unimportant; bug #538338)
	NOTE: Only exploitable during build
CVE-2009-5081 (The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) con ...)
	- groff 1.20.1-5 (unimportant)
	NOTE: Only exploitable during build
CVE-2009-5080 (The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2gr ...)
	- groff 1.20.1-5 (low; bug #538330)
	[lenny] - groff <no-dsa> (Minor issue)
CVE-2009-5079 (The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/r ...)
	- groff 1.20.1-5 (unimportant)
CVE-2009-5078 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launch ...)
	- groff 1.20.1-5 (low; bug #538338)
	[etch] - groff <not-affected> (pdfroff not yet present)
	[lenny] - groff <not-affected> (pdfroff not yet present)
CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass authenticat ...)
	NOT-FOR-US: CRE Loaded
CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, al ...)
	NOT-FOR-US: CRE Loaded
CVE-2009-5075 (Monkey's Audio before 4.02 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Monkey's Audio
CVE-2009-5074 (Unspecified vulnerability in the MojoX::Dispatcher::Static implementat ...)
	- libmojolicious-perl <not-affected> (Fixed before initial upload)
CVE-2009-5073 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV ...)
	NOT-FOR-US: Tivoli
CVE-2009-5072 (Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Se ...)
	NOT-FOR-US: Tivoli
CVE-2009-5071 (Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown i ...)
	NOT-FOR-US: Palm WebOS
CVE-2009-5070
	REJECTED
CVE-2009-5069
	REJECTED
CVE-2009-5068 (There is a file disclosure vulnerability in SMF (Simple Machines Forum ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2009-5067 (Directory traversal vulnerability in html2ps before 1.0b6 allows remot ...)
	- html2ps 1.0b7-1 (low; bug #548633)
	[squeeze] - html2ps <no-dsa> (Minor issue)
CVE-2009-5066 (twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials ...)
	- jbossas4 <not-affected> (twiddle.sh is included in the source package, but not in any of the binary packages)
CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
CVE-2009-5064 (** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and  ...)
	- eglibc 2.10.1-7
	- glibc 2.10.1-7
	NOTE: Obscure attack
CVE-2009-5063 (Memory leak in the embedded_profile_len function in pngwutil.c in libp ...)
	- libpng 1.2.39-1 (unimportant)
CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX  ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5061 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 serv ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5060 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 serv ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5059 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 serv ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5058 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 servi ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 d ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2009-5056 (Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2009-5055 (Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2009-5054 (Smarty before 3.0.0 beta 4 does not consider the umask value when sett ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote  ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 hav ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session co ...)
	- hastymail <removed>
CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote  ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the H.323 imp ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-5036 (traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows rem ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5035 (The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not p ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5034 (IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated us ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5033 (IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "*  ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5032 (The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0. ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5031 (ModSecurity before 2.5.11 treats request parameter values containing s ...)
	- modsecurity-apache <not-affected> (Fixed before initial upload)
	- libapache-mod-security 2.5.12-1
	NOTE: https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allo ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.1 (medium; bug #672455)
	NOTE: Upstream ticket http://code.google.com/p/openjpeg/issues/detail?id=5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812317
CVE-2009-5029 (Integer overflow in the __tzfile_read function in glibc before 2.15 al ...)
	- eglibc 2.13-24 (low; bug #656108)
	[squeeze] - eglibc 2.11.3-3
	- glibc 2.13-24
	NOTE: http://support.novell.com/security/cve/CVE-2009-5029.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=735850
CVE-2009-5028 (Stack-based buffer overflow in Namazu before 2.0.20 allows remote atta ...)
	- namazu2 2.0.20-1.0 (low)
CVE-2009-5027
	REJECTED
CVE-2009-5026 (The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x  ...)
	- mysql-5.1 5.1.53-1
CVE-2009-5025 (A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an att ...)
	NOT-FOR-US: PyForum
CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_l ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #671482)
CVE-2009-5023 (The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf,  ...)
	- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
	[lenny] - fail2ban <no-dsa> (Minor issue)
	[squeeze] - fail2ban 0.8.4-3+squeeze1
CVE-2009-5022 (Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibT ...)
	{DSA-2256-1}
	- tiff 3.9.5-1 (bug #624287)
	- tiff3 <not-affected> (fixed before initial upload)
	[lenny] - tiff <not-affected> (3.9+ only)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=1999
CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an installati ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 allow ...)
	- awstats 6.9.5~dfsg-1 (unimportant)
CVE-2009-5019 (Web Wiz NewsPad stores sensitive information under the web root with i ...)
	NOT-FOR-US: Web Wiz NewsPad
CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UT ...)
	- xulrunner <undetermined>
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in P ...)
	- php5 5.3.3-4
	[lenny] - php5 5.2.6.dfsg.1-1+lenny10
	[squeeze] - php5 5.3.3-7+squeeze1
	NOTE: Also fixed by debian/patches/CVE-2010-3870.patch
CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 expos ...)
	- turbogears2 2.0.3-1
CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before 2 ...)
	- turbogears2 2.0.3-1
CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib  ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l permissi ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5011 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib be ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5010 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib be ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2009-5009 (Double free vulnerability in OpenConnect before 1.40 might allow remot ...)
	- openconnect 1.40-1
CVE-2009-5008 (Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnec ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows lo ...)
	NOT-FOR-US: Cisco AnyConnect SSL VPN trial client
CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in br ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache  ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5004 (qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 m ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5003 (SQL injection vulnerability in click.php in e-soft24 Banner Exchange S ...)
	NOT-FOR-US: e-soft24 Banner Exchange Script
CVE-2009-5002 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-5001 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-5000 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ( ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-4999 (Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) com ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-4998 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine  ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the lock_on_su ...)
	- gnome-power-manager 2.28.0-1 (unimportant)
CVE-2009-4996
	NOTE: Disputed non-issue
CVE-2009-4995 (Cross-site scripting (XSS) vulnerability in frmTickets.aspx in Smarter ...)
	NOT-FOR-US: SmarterTools SmarterTrack
CVE-2009-4994 (Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in Smarte ...)
	NOT-FOR-US: SmarterTools SmarterTrack
CVE-2009-4993 (PHP remote file inclusion vulnerability in home.php in LM Starmail Pai ...)
	NOT-FOR-US: LM Starmail Paidmail
CVE-2009-4992 (SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail  ...)
	NOT-FOR-US: LM Starmail Paidmail
CVE-2009-4991 (Cross-site scripting (XSS) vulnerability in users/resume_register.php  ...)
	NOT-FOR-US: Omnistar Recruiting
CVE-2009-4990 (Cross-site scripting (XSS) vulnerability in the Webform report module  ...)
	NOT-FOR-US: Webform report module for Drupal
CVE-2009-4989 (Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pr ...)
	NOT-FOR-US: AJ Auction Pro OOPD
CVE-2009-4988 (Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business O ...)
	NOT-FOR-US: SAP Business One
CVE-2009-4987 (admin/header.php in Scripteen Free Image Hosting Script 2.3 allows rem ...)
	NOT-FOR-US: Scripteen Free Image Hosting Script
CVE-2009-4986 (Directory traversal vulnerability in index.php in In-Portal 4.3.1, whe ...)
	NOT-FOR-US: In-Portal
CVE-2009-4985 (SQL injection vulnerability in browse.php in Accessories Me PHP Affili ...)
	NOT-FOR-US: Accessories Me PHP Affiliate Script
CVE-2009-4984 (Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me  ...)
	NOT-FOR-US: Accessories Me PHP Affiliate Script
CVE-2009-4983 (Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classif ...)
	NOT-FOR-US: Silurus Classifieds
CVE-2009-4982 (SQL injection vulnerability in the select function in Irokez CMS 0.7.1 ...)
	NOT-FOR-US: Irokez CMS
CVE-2009-4981 (Multiple cross-site request forgery (CSRF) vulnerabilities in Photokor ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4980 (Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Galle ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4979 (Multiple SQL injection vulnerabilities in search.php in Photokorn Gall ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4978 (Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows ...)
	NOT-FOR-US: MyBackup
CVE-2009-4977 (PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 ...)
	NOT-FOR-US: MyBackup
CVE-2009-4976 (Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitp ...)
	- webkitkde 0.4svn1059630-1
CVE-2009-4975 (Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrows ...)
	- rekonq 0.5.0-1
CVE-2009-4974 (Directory traversal vulnerability in box_display.php in TotalCalendar  ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4973 (SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows rem ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4972 (Cross-site scripting (XSS) vulnerability in index.php (aka the log in  ...)
	NOT-FOR-US: SimpleID
CVE-2009-4971 (SQL injection vulnerability in the AJAX Chat (vjchat) extension before ...)
	NOT-FOR-US: AJAX Chat
CVE-2009-4970 (SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for T ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4969 (SQL injection vulnerability in the Solidbase Bannermanagement (SBbanne ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4968 (SQL injection vulnerability in the Event Registration (event_registr)  ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4967 (SQL injection vulnerability in the Car (car) extension before 0.1.1 fo ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4966 (SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipse ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4965 (SQL injection vulnerability in the AIRware Lexicon (air_lexicon) exten ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4964 (Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers  ...)
	NOT-FOR-US: KSP
CVE-2009-4963 (Cross-site scripting (XSS) vulnerability in the Commerce extension bef ...)
	NOT-FOR-US: TYPO3 addon
CVE-2009-4962 (Stack-based buffer overflow in Fat Player 0.6b allows remote attackers ...)
	NOT-FOR-US: Fat Player
CVE-2009-4961 (Lanai Core 0.6 allows remote attackers to obtain configuration informa ...)
	NOT-FOR-US: Lanai Core
CVE-2009-4960 (Directory traversal vulnerability in modules/backup/download.php in La ...)
	NOT-FOR-US: Lanai Core
CVE-2009-4959 (SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) ext ...)
	NOT-FOR-US: T3M E-Mail Marketing Tool
CVE-2009-4958 (SQL injection vulnerability in video.php in EMO Breeder Manager (aka E ...)
	NOT-FOR-US: EMO Breeder Manager
CVE-2009-4957 (Directory traversal vulnerability in loadpanel.php in Interspire Activ ...)
	NOT-FOR-US: Interspire ActiveKB
CVE-2009-4956 (Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_s ...)
	NOT-FOR-US: typo3 third party component (ws_stats)
CVE-2009-4955 (SQL injection vulnerability in the ultraCards (th_ultracards) extensio ...)
	NOT-FOR-US: typo3 third party component (th_ultracards)
CVE-2009-4954 (SQL injection vulnerability in the Versatile Calendar Extension [VCE]  ...)
	NOT-FOR-US: typo3 third party component (sk_calendar)
CVE-2009-4953 (Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit ( ...)
	NOT-FOR-US: typo3 third party component (sg_userdata)
CVE-2009-4952 (Directory traversal vulnerability in the Directory Listing (dir_listin ...)
	NOT-FOR-US: typo3 third party component (dir_listing)
CVE-2009-4951 (Unspecified vulnerability in the ClickStream Analyzer [output] (altern ...)
	NOT-FOR-US: typo3 third party component (alternet_csa_out)
CVE-2009-4950 (SQL injection vulnerability in the A21glossary Advanced Output (a21glo ...)
	NOT-FOR-US: typo3 third party component (a21glossary_advanced_output)
CVE-2009-4949 (SQL injection vulnerability in the Store Locator extension before 1.2. ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2009-4948 (Cross-site scripting (XSS) vulnerability in the Store Locator extensio ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2009-4947 (SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Sol ...)
	NOT-FOR-US: Q2 Solutions ConnX
CVE-2009-4946 (Directory traversal vulnerability in the Messaging (com_messaging) com ...)
	NOT-FOR-US: Joomla! Messaging
CVE-2009-4945 (AdPeeps 8.5d1 has a default password of admin for the admin account, w ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4944 (Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1. ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4943 (index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4942 (Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows  ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4941 (Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC AColla ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4940 (SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier  ...)
	NOT-FOR-US: Zeus Cart
CVE-2009-4939 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ad ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4938 (SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3. ...)
	NOT-FOR-US: JVideo
CVE-2009-4937 (Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 ...)
	NOT-FOR-US: SPirate
CVE-2009-4936 (Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 a ...)
	NOT-FOR-US: SPirate
CVE-2009-4935 (SQL injection vulnerability in ogp_show.php in Online Guestbook Pro al ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-4934 (Cross-site scripting (XSS) vulnerability in index.php in Online Photo  ...)
	NOT-FOR-US: Online Photo Pro
CVE-2009-4933 (Multiple SQL injection vulnerabilities in login.php in EZ Webitor allo ...)
	NOT-FOR-US: EZ Webitor
CVE-2009-4932 (Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote a ...)
	NOT-FOR-US: 1by1
CVE-2009-4931 (Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote ...)
	NOT-FOR-US: Groovy Media Player
CVE-2009-4930 (Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQue ...)
	NOT-FOR-US: SunGard Banner Student System
CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require administr ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: WB News
CVE-2009-4926 (Multiple cross-site scripting (XSS) vulnerabilities in Online Contact  ...)
	NOT-FOR-US: Online Contact Manager
CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce Creasito  ...)
	NOT-FOR-US: Portale e-commerce Creasito
CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument ...)
	- python-cjson 1.0.5-4 (low; bug #593302)
	[lenny] - python-cjson <no-dsa> (Minor issue)
CVE-2009-4923 (Unspecified vulnerability in the DTLS implementation on Cisco Adaptive ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4922 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4921 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4920 (Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4919 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 serie ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4918 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4917 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4916 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4915 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4914 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series de ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4913 (The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) 55 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4912 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4911 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4910 (Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct brute-forc ...)
	NOT-FOR-US: oBlog
CVE-2009-4908 (Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow rem ...)
	NOT-FOR-US: oBlog
CVE-2009-4907 (Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog al ...)
	NOT-FOR-US: oBlog
CVE-2009-4906 (Cross-site request forgery (CSRF) vulnerability in index.php in Acc PH ...)
	NOT-FOR-US: Acc PHP eMail
CVE-2009-4905 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.ph ...)
	NOT-FOR-US: Acc Statistics
CVE-2009-4904 (article.php in oBlog does not properly restrict comments, which allows ...)
	NOT-FOR-US: oBlog
CVE-2009-4903 (Cross-site scripting (XSS) vulnerability in index.php in oBlog allows  ...)
	NOT-FOR-US: oBlog
CVE-2009-4902 (Buffer overflow in the MSGFunctionDemarshall function in winscard_svc. ...)
	- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
	NOTE: of the weird CVE assignments on this one
CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smar ...)
	- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
	NOTE: of the weird CVE assignments on this one
CVE-2009-4900 (pixelpost 1.7.1 has XSS ...)
	- pixelpost <removed> (bug #597224)
	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4899 (pixelpost 1.7.1 has SQL injection ...)
	- pixelpost <removed> (bug #597224)
	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2  ...)
	NOT-FOR-US: TWiki
CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allo ...)
	{DSA-2093-1}
	- ghostscript 8.70~dfsg-1
CVE-2009-4896 (Multiple directory traversal vulnerabilities in the mlmmj-php-admin we ...)
	{DSA-2073-1}
	- mlmmj 1.2.17-1.1 (bug #588038)
CVE-2009-4895 (Race condition in the tty_fasync function in drivers/char/tty_io.c in  ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-9
CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in  ...)
	NOT-FOR-US: PunBB
CVE-2009-4893 (Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::opt ...)
	- unrealircd <itp> (bug #515130)
CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! allo ...)
	NOT-FOR-US: Content Management System WEBjump!
CVE-2009-4891 (SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allow ...)
	NOT-FOR-US: CS-Cart
CVE-2009-4890 (Multiple cross-site scripting (XSS) vulnerabilities in the login appli ...)
	NOT-FOR-US: vBook
CVE-2009-4889 (SQL injection vulnerability in books.php in the Book Panel (book_panel ...)
	NOT-FOR-US: book_panel module for php-fusion
CVE-2009-4888 (Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2 ...)
	NOT-FOR-US: PHortail
CVE-2009-4887 (PHP remote file inclusion vulnerability in index.php in CMS S.Builder  ...)
	NOT-FOR-US: CMS S.Builder
CVE-2009-4886 (Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 a ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4885 (Cross-site scripting (XSS) vulnerability in templates/1/login.php in p ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4884 (Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when m ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4883 (SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.3 ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2009-4882 (Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in Zo ...)
	{DSA-2056-1}
	- zonecheck 2.1.1-1 (bug #583290)
CVE-2009-4881 (Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ...)
	{DSA-2058-1}
	- eglibc 2.10.1-1 (unimportant)
	- glibc 2.11.1-1 (unimportant)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=153aa31b93be22e01b236375fb02a9f9b9a0195f
CVE-2009-4880 (Multiple integer overflows in the strfmon implementation in the GNU C  ...)
	{DSA-2058-1}
	- eglibc 2.11.1-1 (unimportant)
	- glibc 2.11.1-1 (unimportant)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3
CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows att ...)
	NOT-FOR-US: Novell Access Manager
CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell Acce ...)
	NOT-FOR-US: Novell Access Manager
CVE-2009-4877 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI b ...)
	- webgui 7.7.22-1
CVE-2009-4876 (admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify ...)
	NOT-FOR-US: Netrix CMS
CVE-2009-4875 (FCKeditor.Java 2.4 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: FCKeditor.Java, different than fckeditor in the archive
CVE-2009-4874 (TalkBack 2.3.14 does not properly restrict access to the edit comment  ...)
	NOT-FOR-US: TalkBack
CVE-2009-4873 (Stack-based buffer overflow in the HTTP server in Rhino Software Serv- ...)
	NOT-FOR-US: Rhino Software Serv-U Web Client
CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in  ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows B ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal a ...)
	NOT-FOR-US: PHPCityPortal
CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest B ...)
	NOT-FOR-US: Nasim Guest Book
CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0  ...)
	NOT-FOR-US: Hitron Soft Answer Me
CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a d ...)
	NOT-FOR-US: Tuniac
CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt's Scrip ...)
	NOT-FOR-US: Matt's Script Archive (MSA) Simple Search
CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in I-Esco ...)
	NOT-FOR-US: I-Escorts Directory Script and Agency Script
CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in escorts_search. ...)
	NOT-FOR-US: I-Escorts Directory Script and Agency Script
CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows r ...)
	NOT-FOR-US: UltraPlayer Media Player
CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote att ...)
	NOT-FOR-US: Alwasel
CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...)
	NOT-FOR-US: SupportPRO SupportDesk
CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier  ...)
	NOT-FOR-US: Typing Pal
CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work Ord ...)
	NOT-FOR-US: Online Work Order Suite (OWOS)
CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in Yaho ...)
	NOT-FOR-US: Yahoo Answers Clone
CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vot ...)
	NOT-FOR-US: PHP Photo Vote
CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy S ...)
	NOT-FOR-US: PHP Easy Shopping Cart
CVE-2009-4855
	NOT-FOR-US: Bogus issue claimed for typo3
	NOTE: See http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/4.2.5-1+lenny3
CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to execut ...)
	NOT-FOR-US: TalkBack
CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before  ...)
	NOT-FOR-US: JumpBox
CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...)
	NOT-FOR-US: SemanticScuttle
CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before  ...)
	NOT-FOR-US: XOOPS
CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote at ...)
	NOT-FOR-US: Awingsoft Awakening Winds3D Viewer
CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirt ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual Vir ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to caus ...)
	NOT-FOR-US: Deliantra Server
CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...)
	NOT-FOR-US: Deliantra Server
CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 con ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to t ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require admin ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual Vir ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4841 (Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in  ...)
	NOT-FOR-US: Roxio CinePlayer
CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in IAManag ...)
	NOT-FOR-US: Roxio CinePlayer
CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis  ...)
	- acidbase 1.4.5-1 (bug #587819)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic Analysis an ...)
	- acidbase 1.4.4-1 (low)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4837 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis  ...)
	- acidbase 1.4.4-1 (low)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in Movie PHP  ...)
	NOT-FOR-US: Movie PHP Script
CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ( ...)
	- libsndfile 1.0.21-3 (unimportant; bug #530831)
	NOTE: application crash only, so not security-relevant
CVE-2009-4834 (lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Zeroboard
CVE-2009-4833 (MySQL Connector/NET before 6.0.4, when using encryption, does not veri ...)
	NOT-FOR-US: MySQL Connector/NET
CVE-2009-4832 (The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local ...)
	NOT-FOR-US: DLPCryptCore
CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates du ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2009-4830 (Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attac ...)
	- openx <itp> (bug #513771)
CVE-2009-4829 (Cross-site scripting (XSS) vulnerability in the Automated Logout modul ...)
	NOT-FOR-US: Automated Logout module for drupal
CVE-2009-4828 (Cross-site request forgery (CSRF) vulnerability in administration/admi ...)
	NOT-FOR-US: Ad Manager Pro
CVE-2009-4827 (Cross-site request forgery (CSRF) vulnerability in admin.php in Mail M ...)
	NOT-FOR-US: Mail Manager Pro
CVE-2009-4826 (Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.ph ...)
	NOT-FOR-US: ScriptsEz Mini Hosting Panel
CVE-2009-4825 (8pixel.net Blog 4 stores sensitive information under the web root with ...)
	NOT-FOR-US: 8pixel.net Blog
CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Ser ...)
	{DSA-1897-1}
	- kolab-webclient <undetermined>
	- horde3 3.3.5+debian0-1
	NOTE: package only in experimental; claimed fixed in version 20091202, but not enough info to check
	NOTE: http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/horde-webmail/1.2.0/tg/Attic/t_framework_H_JS_Form_FixFormSecurityForImageUploads.diff?rev=1.1.2.1&only_with_tag=kolab_2_2_branch
CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.h ...)
	NOT-FOR-US: cPanel
CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ka ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-4821 (The D-Link DIR-615 with firmware 3.10NA does not require administrativ ...)
	NOT-FOR-US: D-Link DIR-615
CVE-2009-4820 (Angelo-Emlak 1.0 stores sensitive information under the web root with  ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2009-4819 (Multiple unrestricted file upload vulnerabilities in upload.php in PHP ...)
	NOT-FOR-US: PHPhotoalbum
CVE-2009-4818 (Unrestricted file upload vulnerability in upload.php in PHPSimplicity  ...)
	NOT-FOR-US: PHPSimplicity of Upload
CVE-2009-4817 (Unrestricted file upload vulnerability in Element-IT Ultimate Uploader ...)
	NOT-FOR-US: Element-IT Ultimate Uploader
CVE-2009-4816 (Directory traversal vulnerability in api/download_checker.php in MegaL ...)
	NOT-FOR-US: MegaLab The Uploader
CVE-2009-4815 (Directory traversal vulnerability in Serv-U before 9.2.0.1 allows remo ...)
	NOT-FOR-US: Serv-U
CVE-2009-4814 (Cross-site scripting (XSS) vulnerability in Wolfram Research webMathem ...)
	NOT-FOR-US: Wolfram Research webMathematica
CVE-2009-4813 (Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBu ...)
	NOT-FOR-US: MyBB
CVE-2009-4812 (Wolfram Research webMathematica allows remote attackers to obtain sens ...)
	NOT-FOR-US: Wolfram Research webMathematica
CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Aut ...)
	NOT-FOR-US: VMware
CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain before 2.5. ...)
	- samhain 2.5.4-1 (unimportant)
	NOTE: Support for client/server operation is not enabled in the Debian packages
CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File Sharin ...)
	NOT-FOR-US: Easy File Sharing Web Server
CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers ...)
	NOT-FOR-US: Graugon PHP Article Publisher
CVE-2009-4807 (Multiple SQL injection vulnerabilities in Graugon PHP Article Publishe ...)
	NOT-FOR-US: Graugon PHP Article Publisher
CVE-2009-4806 (admin/save_user.asp in Digital Interchange Document Library 1.0.1 does ...)
	NOT-FOR-US: Digital Interchange Document Library
CVE-2009-4805 (Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_q ...)
	NOT-FOR-US: EZ-Blog
CVE-2009-4804 (Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) ex ...)
	NOT-FOR-US: cal extension for typo3
CVE-2009-4803 (SQL injection vulnerability in the Accessibility Glossary (a21glossary ...)
	NOT-FOR-US: a21glossary extension for typo3
CVE-2009-4802 (SQL injection vulnerability in the Flat Manager (flatmgr) extension be ...)
	NOT-FOR-US: flatmgr extension for typo3
CVE-2009-4801 (EZ-Blog Beta 1 does not require authentication, which allows remote at ...)
	NOT-FOR-US: EZ-Blog
CVE-2009-4800 (Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 al ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2009-4799 (Diskos CMS 6.x stores sensitive information under the web root with in ...)
	NOT-FOR-US: Diskos CMS
CVE-2009-4798 (Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote  ...)
	NOT-FOR-US: Diskos CMS
CVE-2009-4797 (SQL injection vulnerability in browse.php in JobHut 1.2 and earlier al ...)
	NOT-FOR-US: JobHut
CVE-2009-4796 (Multiple SQL injection vulnerabilities in the ExecuteQueries function  ...)
	NOT-FOR-US: glFusion
CVE-2009-4795 (Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2 ...)
	NOT-FOR-US: Xlight FTP Server
CVE-2009-4794 (Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remo ...)
	NOT-FOR-US: Community CMS
CVE-2009-4793 (Unrestricted file upload vulnerability in adminpanel/scripts/addphotos ...)
	NOT-FOR-US: BandSite CMS
CVE-2009-4792 (SQL injection vulnerability in includes/content/member_content.php in  ...)
	NOT-FOR-US: BandSite CMS
CVE-2009-4791 (Multiple SQL injection vulnerabilities in Family Connections (aka FCMS ...)
	NOT-FOR-US: Family Connections
CVE-2009-4790 (Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2009-4789 (Multiple PHP remote file inclusion vulnerabilities in the MojoBlog com ...)
	NOT-FOR-US: mojoblog component for joomla!
CVE-2009-4788 (Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier allo ...)
	NOT-FOR-US: Pligg
CVE-2009-4787 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg be ...)
	NOT-FOR-US: Pligg
CVE-2009-4786 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1. ...)
	NOT-FOR-US: Pligg
CVE-2009-4785 (SQL injection vulnerability in the Quick News (com_quicknews) componen ...)
	NOT-FOR-US: com_quicknews component for joomla!
CVE-2009-4784 (SQL injection vulnerability in the Joaktree (com_joaktree) component 1 ...)
	NOT-FOR-US: com_joaktree component for joomla!
CVE-2009-4783 (Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, a ...)
	NOT-FOR-US: Theeta CMS
CVE-2009-4782 (Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, pos ...)
	NOT-FOR-US: Theeta CMS
CVE-2009-4781 (TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for ...)
	NOT-FOR-US: TUKEVA Password Reminder
CVE-2009-4780 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ph ...)
	NOT-FOR-US: phpMyFAQ
CVE-2009-4779 (Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and ...)
	NOT-FOR-US: NukeHall
CVE-2009-4778 (Multiple unspecified vulnerabilities in the PDF distiller in the Attac ...)
	NOT-FOR-US: BlackBerry PDF distiller
CVE-2009-4777 (Unspecified vulnerability in multiple versions of Hitachi JP1/Automati ...)
	NOT-FOR-US: Hitachi Job Management / System Observer
CVE-2009-4776 (Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit fo ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2009-4775 (Format string vulnerability in Ipswitch WS_FTP Professional 12 before  ...)
	NOT-FOR-US: Ipswitch WS_FTP Professional
CVE-2009-4774 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 thr ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-4773 (Cross-site request forgery (CSRF) vulnerability in the order-managemen ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4772 (Unspecified vulnerability in the PayPal Website Payments Standard func ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4771 (The PayPal Website Payments Standard functionality in the Ubercart mod ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4770 (The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5  ...)
	NOT-FOR-US: httpdx
CVE-2009-4769 (Multiple format string vulnerabilities in the tolog function in httpdx ...)
	NOT-FOR-US: httpdx
CVE-2009-4768 (Unspecified vulnerability in the JASS script interpreter in Warcraft I ...)
	NOT-FOR-US: World of Warcraft
CVE-2009-4767 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pl ...)
	NOT-FOR-US: Plohni Shoutbox
CVE-2009-4766 (YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores ...)
	NOT-FOR-US: MS-Pro Portal Scripti
CVE-2009-4765 (CNR Hikaye Portal 2.0 stores sensitive information under the web root  ...)
	NOT-FOR-US: CNR Hikaye Portal
CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that  ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in phpMyVis ...)
	NOT-FOR-US: ClickHeat plugin
CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs  ...)
	- moin 1.9.2-1 (bug #569975; medium)
	[lenny] - moin 1.7.1-3+lenny3 (bug #569975; medium)
	NOTE: see http://www.debian.org/security/2010/dsa-2014
CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...)
	NOT-FOR-US: Mini-stream RM Downloader
CVE-2009-4760 (Winn ASP Guestbook 1.01 Beta stores sensitive information under the we ...)
	NOT-FOR-US: Winn ASP Guestbook
CVE-2009-4759 (Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers  ...)
	NOT-FOR-US: BrotherSoft BMXPlay
CVE-2009-4758 (Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remot ...)
	NOT-FOR-US: Mpegable Player
CVE-2009-4757 (Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows r ...)
	NOT-FOR-US: BrotherSoft EW-MusicPlayer
CVE-2009-4756 (Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatpo ...)
	NOT-FOR-US: Beatport Player
CVE-2009-4755 (Multiple stack-based buffer overflows in Mercury Audio Player 1.21 all ...)
	NOT-FOR-US: Mercury Audio Player
CVE-2009-4754 (Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote ...)
	NOT-FOR-US: Mercury Audio Player
CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS Adapte ...)
	NOT-FOR-US: Addonics NAS Adapter NASU2FW41
CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in Swing ...)
	NOT-FOR-US: Swinger Club Portal
CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club Port ...)
	NOT-FOR-US: Swinger Club Portal
CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer  ...)
	NOT-FOR-US: Top Paidmailer
CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 al ...)
	NOT-FOR-US: PHP Live!
CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category  ...)
	NOT-FOR-US: My Category Order plugin for wordpress
CVE-2009-4747 (PHP remote file inclusion vulnerability in public/code/cp_html2xhtmlba ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels D ...)
	NOT-FOR-US: Dreamlevels DreamPoll
CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels Dre ...)
	NOT-FOR-US: Dreamlevels DreamPoll
CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in Expo ...)
	NOT-FOR-US: Exponent CMS
CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in history-storage ...)
	NOT-FOR-US: AfterLogic WebMail
CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote  ...)
	NOT-FOR-US: Docebo
CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Sky ...)
	NOT-FOR-US: Skype
CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ext ...)
	NOT-FOR-US: ws_ecard extension for typo3
CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
	NOT-FOR-US: SkaDate Dating
CVE-2009-4738 (Unspecified vulnerability in JustSystems Corporation ATOK 2006 through ...)
	NOT-FOR-US: JustSystems Corporation
CVE-2009-4737 (Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 20 ...)
	NOT-FOR-US: JustSystems Corporation Ichitaro
CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense  ...)
	NOT-FOR-US: CommonSense CMS
CVE-2009-4735 (SQL injection vulnerability in login.php in Allomani Audio & Video ...)
	NOT-FOR-US: Allomani Audio & Video Library
CVE-2009-4734 (SQL injection vulnerability in login.php in Allomani Movies Library (M ...)
	NOT-FOR-US: Allomani Movies Library
CVE-2009-4733 (SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, wh ...)
	NOT-FOR-US: SimpleLoginSys
CVE-2009-4732 (SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5 ...)
	NOT-FOR-US: TT Web Site Manager
CVE-2009-4731 (SQL injection vulnerability in photos.php in Model Agency Manager PRO  ...)
	NOT-FOR-US: Model Agency Manager PRO
CVE-2009-4730 (SQL injection vulnerability in report.php in x10 Adult Media Script 1. ...)
	NOT-FOR-US: Adult Media Script
CVE-2009-4729 (Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media ...)
	NOT-FOR-US: Adult Media Script
CVE-2009-4728 (SQL injection vulnerability in the administrative interface in Questio ...)
	NOT-FOR-US: Questions Answered
CVE-2009-4727 (SQL injection vulnerability in x/login in JungleScripts Ajax Short Url ...)
	NOT-FOR-US: JungleScripts Ajax Short Url
CVE-2009-4726 (Directory traversal vulnerability in download.php in Quickdev 4 PHP al ...)
	NOT-FOR-US: Quickdev 4 PHP
CVE-2009-4725 (Directory traversal vulnerability in modules/aljazeera/admin/setup.php ...)
	NOT-FOR-US: Arab Portal
CVE-2009-4724 (SQL injection vulnerability in shop.htm in PaymentProcessorScript.net  ...)
	NOT-FOR-US: PaymentProcessorScript.net PPScript
CVE-2009-4723 (Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 all ...)
	NOT-FOR-US: Netpet CMS
CVE-2009-4722 (SQL injection vulnerability in the CheckLogin function in includes/fun ...)
	NOT-FOR-US: Limny
CVE-2009-4721 (Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-W ...)
	NOT-FOR-US: Andrews-Web BannerAd
CVE-2009-4720 (SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allo ...)
	- gnudip <removed> (medium; bug #539452)
CVE-2009-4719 (SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows ...)
	NOT-FOR-US: Discloser
CVE-2009-4718 (SQL injection vulnerability in visitorduration.php in Gonafish WebStat ...)
	NOT-FOR-US: Gonafish WebStatCaffe
CVE-2009-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebSta ...)
	NOT-FOR-US: Gonafish WebStatCaffe
CVE-2009-4716 (Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZW ...)
	NOT-FOR-US: EDGEPHP EZWebSearch
CVE-2009-4715 (Cross-site scripting (XSS) vulnerability in rates.php in Real Time Cur ...)
	NOT-FOR-US: Real Time Currency Exchange
CVE-2009-4714 (Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS  ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2009-4713 (Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Qu ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2009-4712 (SQL injection vulnerability in index.php in Tukanas Classifieds (aka E ...)
	NOT-FOR-US: EasyClassifieds
CVE-2009-4711 (SQL injection vulnerability in the CoolURI (cooluri) extension before  ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4710 (SQL injection vulnerability in the Reset backend password (cwt_resetbe ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4709 (SQL injection vulnerability in the datamints Newsticker (datamints_new ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4708 (SQL injection vulnerability in the [Gobernalia] Front End News Submitt ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4707 (Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4706 (Cross-site scripting (XSS) vulnerability in the Mailform (mailform) ex ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4705 (Cross-site scripting (XSS) vulnerability in the Twitter Search (twitte ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4704 (Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1 ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4703 (SQL injection vulnerability in the Webesse Image Gallery (ws_gallery)  ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4702 (SQL injection vulnerability in the Tour Extension (pm_tour) extension  ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4701 (SQL injection vulnerability in the Myth download (myth_download) exten ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4700 (Directory traversal vulnerability in index.php in SkaDate Dating allow ...)
	NOT-FOR-US: SkaDate Dating
CVE-2009-4699 (Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating  ...)
	NOT-FOR-US: SkaDate Dating
CVE-2009-4698 (Multiple SQL injection vulnerabilities in the Qas (aka Quas) module fo ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ra ...)
	NOT-FOR-US: RadNICS Gold 5
CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5 allows remo ...)
	NOT-FOR-US: RadNICS Gold 5
CVE-2009-4695 (SQL injection vulnerability in index.php in RadScripts RadLance Gold 7 ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4694 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts Ra ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4693 (Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB 2. ...)
	NOT-FOR-US: GraFX MiniCWB
CVE-2009-4692 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts Ra ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4691 (SQL injection vulnerability in addlink.php in Classified Linktrader Sc ...)
	NOT-FOR-US: Classified Linktrader Script
CVE-2009-4690 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld P ...)
	NOT-FOR-US: YourFreeWorld Programs Rating Script
CVE-2009-4689 (SQL injection vulnerability in index.php in PHP Shopping Cart Selling  ...)
	NOT-FOR-US: PHP Shopping Cart Selling Website Script
CVE-2009-4688 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in PH ...)
	NOT-FOR-US: PHP Shopping Cart Selling Website Script
CVE-2009-4687 (SQL injection vulnerability in silentum_guestbook.php in Silentum Gues ...)
	NOT-FOR-US: Silentum Guestbook
CVE-2009-4686 (Cross-site scripting (XSS) vulnerability in account.php in phplemon Ad ...)
	NOT-FOR-US: phplemon AdQuick
CVE-2009-4685 (Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scr ...)
	NOT-FOR-US: PHP Scripts Now Astrology
CVE-2009-4684 (Cross-site scripting (XSS) vulnerability in index.php in EZodiak allow ...)
	NOT-FOR-US: EZodiak
CVE-2009-4683 (Directory traversal vulnerability in vote.php in Good/Bad Vote allows  ...)
	NOT-FOR-US: Good/Bad Vote
CVE-2009-4682 (Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote  ...)
	NOT-FOR-US: Good/Bad Vote
CVE-2009-4681 (Cross-site scripting (XSS) vulnerability in search.php in phpDirectory ...)
	NOT-FOR-US: phpDirectorySource
CVE-2009-4680 (SQL injection vulnerability in search.php in phpDirectorySource 1.x al ...)
	NOT-FOR-US: phpDirectorySource
CVE-2009-4679 (Directory traversal vulnerability in the inertialFATE iF Portfolio Nex ...)
	NOT-FOR-US: com_if_nexus component for Joomla!
CVE-2009-4678 (Cross-site scripting (XSS) vulnerability in index.php in Winn Guestboo ...)
	NOT-FOR-US: Winn Guestbook
CVE-2009-4677 (Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Fo ...)
	NOT-FOR-US: phpFK PHP Forum
CVE-2009-4676 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5. ...)
	NOT-FOR-US: JetCast.exe
CVE-2009-4675 (admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant ...)
	NOT-FOR-US: Mole Group Gastro Portal
CVE-2009-4674 (admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script an ...)
	NOT-FOR-US: Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket
CVE-2009-4673 (SQL injection vulnerability in profile.php in Mole Group Adult Portal  ...)
	NOT-FOR-US: Mole Group Adult Portal Script
CVE-2009-4672 (Directory traversal vulnerability in main.php in the WP-Lytebox plugin ...)
	NOT-FOR-US: WP-Lytebox plugin for WordPress
CVE-2009-4671 (Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass auth ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4670 (admin/delitem.php in RoomPHPlanning 1.6 does not require authenticatio ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4669 (Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow rem ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4668 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5. ...)
	NOT-FOR-US: JetCast.exe
CVE-2009-4667 (SQL injection vulnerability in form.php in WebMember 1.0 allows remote ...)
	NOT-FOR-US: WebMember
CVE-2009-4666 (Multiple PHP remote file inclusion vulnerabilities in Webradev Downloa ...)
	NOT-FOR-US: Webradev Download Protect
CVE-2009-4665 (Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.a ...)
	NOT-FOR-US: Cute Editor
CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allow ...)
	- fwbuilder 3.0.7-1 (bug #547390; medium)
	[lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
	- libfwbuilder 3.0.7-1 (bug #547390; medium)
	[lenny] - libfwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
	NOTE: m68k package in debports is still affected at version 3.0.5
	NOTE: see http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX  ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2009-4662 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-4661 (Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow  ...)
	NOT-FOR-US: BigAnt Server
CVE-2009-4660 (Stack-based buffer overflow in the AntServer Module (AntServer.exe) in ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2009-4659 (Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows  ...)
	NOT-FOR-US: MP3-Cutter Ease Audio Cutter
CVE-2009-4658 (Xerver 4.32 allows remote authenticated users to cause a denial of ser ...)
	NOT-FOR-US: Xerver
CVE-2009-4657 (The administrator package for Xerver 4.32 does not require authenticat ...)
	NOT-FOR-US: Xerver
CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2. ...)
	NOT-FOR-US: E-Soft DJ Studio Pro
CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngirc ...)
	- ngircd 15-0.1
	[lenny] - ngircd <not-affected> (SSL/TLS support not yet present)
CVE-2009-4655 (The dhost web service in Novell eDirectory 8.8.5 uses a predictable se ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-4654 (Stack-based buffer overflow in the dhost module in Novell eDirectory 8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-4653 (Stack-based buffer overflow in the dhost module in Novell eDirectory 8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-4651 (Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comme ...)
	NOT-FOR-US: Webee Comments component for Joomla!
CVE-2009-4650 (SQL injection vulnerability in the Webee Comments (com_webeecomment) c ...)
	NOT-FOR-US: Webee Comments component for Joomla!
CVE-2009-4649 (Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1  ...)
	NOT-FOR-US: geccBBlite
CVE-2009-4648 (Accellion Secure File Transfer Appliance before 8_0_105 does not prope ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4647 (Cross-site scripting (XSS) vulnerability in Accellion Secure File Tran ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4646 (Static code injection vulnerability in the administrative web interfac ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4645 (Directory traversal vulnerability in web_client_user_guide.html in Acc ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows remote  ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-5050 (konversation before 1.2.3 allows attackers to cause a denial of servic ...)
	- konversation 1.2.3-1 (low)
	[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper I ...)
	NOT-FOR-US: Juniper Installer Service
CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]
	- ffmpeg 4:0.5.1-1 (medium; bug #570713)
	- ffmpeg-debian <end-of-life>
CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface t ...)
	- gnome-screensaver 2.26.1-2
	[lenny] - gnome-screensaver <not-affected> (vulnerability introduced in 2.26)
	NOTE: only an issue under certain desktop environments such as xfce
CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation s ...)
	- gnome-screensaver 2.28.0-2 (low; bug #569667)
	[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attacker ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows re ...)
	- ffmpeg 7:2.4.1-1 (unimportant; bug #550442)
	- ffmpeg-debian <removed> (unimportant)
	NOTE: denial-of-service only, so not worth worrying about
	NOTE: http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/97154/focus=97156
	NOTE: http://thread.gmane.org/gmane.comp.video.ffmpeg.issues/6111/focus=6116
CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a deni ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service (crash ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and po ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ca ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparis ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain point ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remot ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4630 (Mozilla Necko, as used in Firefox, SeaMonkey, and other applications,  ...)
	- xulrunner 1.9.1-1 (low)
	[etch] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0-1 (low)
	[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	NOTE: mozilla's dns prefetching leads to disclosure of the user's network location
CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other appl ...)
	- icedove 3.0.2-1 (unimportant)
	[etch] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape <removed> (unimportant)
	[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
CVE-2009-4628 (SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdug ...)
	NOT-FOR-US: Joomla!
CVE-2009-4627 (Directory traversal vulnerability in sources/_template_parser.php in M ...)
	NOT-FOR-US: Moa Gallery
CVE-2009-4626 (Directory traversal vulnerability in menu.php in phpNagios 1.2.0 allow ...)
	NOT-FOR-US: phpNagios
CVE-2009-4625 (SQL injection vulnerability in the updateOnePage function in component ...)
	NOT-FOR-US: Joomla!
CVE-2009-4624 (SQL injection vulnerability in download.php in Nicecoder iDesk allows  ...)
	NOT-FOR-US: Nicecoder iDesk
CVE-2009-4623 (Multiple PHP remote file inclusion vulnerabilities in Advanced Comment ...)
	NOT-FOR-US: Advanced Comment System
CVE-2009-4622 (PHP remote file inclusion vulnerability in admin/admin_news_bot.php in ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2009-4621 (SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier  ...)
	NOT-FOR-US: Discuz
CVE-2009-4620 (SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 ...)
	NOT-FOR-US: Joomla!
CVE-2009-4619 (SQL injection vulnerability in the Lucy Games (com_lucygames) componen ...)
	NOT-FOR-US: Joomla!
CVE-2009-4618 (Multiple SQL injection vulnerabilities in Tourism Script Bus Script al ...)
	NOT-FOR-US: Tourism Script Bus Script
CVE-2009-4617 (Multiple SQL injection vulnerabilities in Tourism Script Accommodation ...)
	NOT-FOR-US: Tourism Script Accommodation Hotel Booking Portal Script
CVE-2009-4616 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday ...)
	NOT-FOR-US: MYRE Holiday Rental Manager
CVE-2009-4615 (SQL injection vulnerability in review.php in MYRE Holiday Rental Manag ...)
	NOT-FOR-US: MYRE Holiday Rental Manager
CVE-2009-4614 (Multiple PHP remote file inclusion vulnerabilities in Moa Gallery 1.2. ...)
	NOT-FOR-US: Moa Gallery
CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in NetArt  ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP  ...)
	- jetty 6.1.22-1 (bug #575789)
CVE-2009-4611 (Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data with ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty  ...)
	- jetty <not-affected> (low; bug #575790)
	NOTE: the exploitable servlet is not shipped in Debian packages
CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attacke ...)
	- jetty <not-affected> (low; bug #575791)
	NOTE: the exploitable servlet is not shipped in Debian packages
CVE-2009-4608 (Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. AC ...)
	NOT-FOR-US: ACCESSGUARDIAN
CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 with Gu ...)
	NOT-FOR-US: Overland Storage Snap Server
CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the WebDriv ...)
	NOT-FOR-US: South River Technologies WebDrive
CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the Fernan ...)
	NOT-FOR-US: Joomla!
CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7 ...)
	NOT-FOR-US: SAP Kernel
CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x  ...)
	NOT-FOR-US: Randomizer module for Drupal
CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in basic_search_result.php in ...)
	NOT-FOR-US: ZeeJobsite
CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in NetArt  ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) com ...)
	NOT-FOR-US: Joomla!
CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 f ...)
	NOT-FOR-US: Joomla!
CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1 ...)
	NOT-FOR-US: PHP Inventory
CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory ...)
	NOT-FOR-US: PHP Inventory
CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows r ...)
	NOT-FOR-US: PHP Inventory
CVE-2009-4605 (scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2 ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.2.4-1
	NOTE: vulnerable code does not exist in the 3.x series (sid and squeeze checked)
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
	NOTE: there is still at least one unserialize() call on _POST data
CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access o ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2009-4593 (The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not ...)
	NOT-FOR-US: Bftpd
CVE-2009-4592 (Unspecified vulnerability in base_local_rules.php in Basic Analysis an ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2009-4591 (SQL injection vulnerability in Basic Analysis and Security Engine (BAS ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2009-4590 (Cross-site scripting (XSS) vulnerability in base_local_rules.php in Ba ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
	NOTE: 1.4.5 fixed more XSS issues in this file
CVE-2009-4588 (Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control ...)
	NOT-FOR-US: AwingSoft Awakening
CVE-2009-4587 (Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of ...)
	- cherokee <not-affected> (Only affects Windows and DOS)
	NOTE: this only works on Windows and DOS as you are not allowed
	NOTE: to use a file name with AUX and any or no extension as this is a
	NOTE: reserved device name. cherokee was lacking error handling...
CVE-2009-4586 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in W ...)
	NOT-FOR-US: Wowd client
CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under the web ...)
	NOT-FOR-US: UranyumSoft Listing Service
CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote ...)
	NOT-FOR-US: dB Masters Multimedia Links Directory
CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary module for ...)
	NOT-FOR-US: XOOPS module
CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in RoseOnline ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3  ...)
	NOT-FOR-US: Hasta Blog
CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue (com_art ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms (com_facil ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 2.07 for ...)
	NOT-FOR-US: MDForum module for MAXdev MDPro
CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) component 1 ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qperso ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts Direct ...)
	NOT-FOR-US: I-Escorts Directory Script
CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (m ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allow ...)
	NOT-FOR-US: PhpShop
CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 a ...)
	NOT-FOR-US: PhpShop
CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remot ...)
	NOT-FOR-US: PhpShop
CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote a ...)
	NOT-FOR-US: elkagroup Image Gallery
CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Us ...)
	- webmin <removed>
CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...)
	NOT-FOR-US: Viscacha
CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remo ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the Z ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in zp-core/admin-optio ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenph ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague ...)
	NOT-FOR-US: WebLeague
CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows r ...)
	NOT-FOR-US: WebLeague
CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module 6. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alp ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module 5. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...)
	NOT-FOR-US: Quick Heal products
CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCar ...)
	NOT-FOR-US: AgoraCart
CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 20 ...)
	NOT-FOR-US: Snitz Forums
CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote attackers to ca ...)
	NOT-FOR-US: iRehearse
CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro module for  ...)
	NOT-FOR-US: module for Miniweb
CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 a ...)
	NOT-FOR-US: module for Miniweb
CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote  ...)
	NOT-FOR-US: A2 Media Player Pro
CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk  ...)
	NOT-FOR-US: ViArt Helpdesk
CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x a ...)
	NOT-FOR-US: ViArt CMS
CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers  ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromoso ...)
	NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft Tech ...)
	NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft  ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remot ...)
	NOT-FOR-US: Mini CMS
CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager  ...)
	NOT-FOR-US: SQLiteManager
CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2 ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6 (low; bug #564114)
	[etch] - linux-2.6 <not-affected> (does not have e1000e driver)
	- linux-2.6.24 <removed> (low)
	NOTE: just like CVE-2009-4536 but was reported later
CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 a ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11 (medium; bug #564110; bug #591581)
	- linux-2.6.24 <removed> (medium)
CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-6 (low; bug #564114)
	- linux-2.6.24 <removed> (low)
CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the sourc ...)
	NOT-FOR-US: Mongoose
CVE-2009-4534 (Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6 ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4533 (The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4532 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x bef ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4531 (httpdx 1.4.4 and earlier allows remote attackers to obtain the source  ...)
	NOT-FOR-US: httpdx
CVE-2009-4530 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the sourc ...)
	NOT-FOR-US: Mongoose
CVE-2009-4529 (InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote att ...)
	NOT-FOR-US: InterVations NaviCOPA Web Server
CVE-2009-4528 (The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupa ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4527 (The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4526 (The Send by e-mail sub-module in the Print (aka Printer, e-mail and PD ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4525 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e- ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4524 (Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4523 (Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 all ...)
	NOT-FOR-US: Zainu
CVE-2009-4522 (Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCM ...)
	NOT-FOR-US: BloofoxCMS
CVE-2009-4521 (Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse ...)
	NOT-FOR-US: Eclipse Business Intelligence and Reporting Tools
CVE-2009-4520 (The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4519 (Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknow ...)
	NOT-FOR-US: Ortro
CVE-2009-4518 (Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4517 (Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4516 (Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4515 (The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privi ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4514 (Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Int ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4513 (Multiple cross-site scripting (XSS) vulnerabilities in the Workflow mo ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, when Us ...)
	NOT-FOR-US: Oscailt
CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web administration ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server (VCS) befor ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4509 (The administrative web console on the TANDBERG Video Communication Ser ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4508
	RESERVED
CVE-2009-4507
	RESERVED
CVE-2009-4506
	RESERVED
CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Co ...)
	NOT-FOR-US: OpenCMS
CVE-2009-4504
	RESERVED
CVE-2009-4503
	RESERVED
CVE-2009-4502 (The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, whe ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4501 (The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Serv ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4500 (The process_trap function in trapper/trapper.c in Zabbix Server before ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4499 (SQL injection vulnerability in the get_history_lastid function in the  ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows r ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
	{DSA-2092-1}
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745)
	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing non-print ...)
	- boa 0.94.14rc21-4 (unimportant; bug #578035)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4495 (Yaws 1.85 writes data to a log file without sanitizing non-printable c ...)
	- yaws <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4494 (AOLserver 4.5.1 writes data to a log file without sanitizing non-print ...)
	- aolserver4 <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4493 (Orion Application Server 2.0.7 writes data to a log file without sanit ...)
	NOT-FOR-US: Orion httpd
CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patc ...)
	- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
	- ruby1.9 <removed> (unimportant; bug #564647)
	- ruby1.9.1 1.9.1.378-1 (unimportant; bug #564646)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
	NOTE: same as CVE-2009-4487
CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing non-printab ...)
	- thttpd <removed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4490 (mini_httpd 1.19 writes data to a log file without sanitizing non-print ...)
	- mini-httpd <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4489 (header.c in Cherokee before 0.99.32 writes data to a log file without  ...)
	- cherokee 0.99.37-1 (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4488 (** DISPUTED ** Varnish 2.0.6 writes data to a log file without sanitiz ...)
	- varnish <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing non-printabl ...)
	- nginx <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell iManage ...)
	NOT-FOR-US: iManager
CVE-2009-4485
	REJECTED
CVE-2009-4484 (Multiple stack-based buffer overflows in the CertDecoder::GetName func ...)
	{DSA-1997-1}
	- mysql-dfsg-5.0 <removed> (medium)
	- mysql-5.1 5.1.41-4 (medium)
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: http://web.archive.org/web/20100129040903/http://intevydis.blogspot.com:80/2010/01/mysq-yassl-stack-overflow.html
	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows remot ...)
	NOT-FOR-US: MailSite
CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attac ...)
	NOT-FOR-US: TVersity
CVE-2009-4481
	REJECTED
CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might a ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MailSite
CVE-2009-4478 (Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Est ...)
	NOT-FOR-US: Xstate Real Estate
CVE-2009-4477 (SQL injection vulnerability in page.html in Xstate Real Estate 1.0 all ...)
	NOT-FOR-US: Xstate Real Estate
CVE-2009-4476 (Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-0 ...)
	NOT-FOR-US: HAURI ViRobot Desktop
CVE-2009-4475 (SQL injection vulnerability in the Joomlub (com_joomlub) component for ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4474 (SQL injection vulnerability in the Mike de Boer zoom (com_zoom) compon ...)
	NOT-FOR-US: Mambo component
CVE-2009-4473 (Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/Conten ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2009-4472 (Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and ...)
	NOT-FOR-US: PHPope
CVE-2009-4471 (Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 ...)
	NOT-FOR-US: FreeSchool
CVE-2009-4470 (SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remot ...)
	NOT-FOR-US: DVBBS
CVE-2009-4469 (Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc. ...)
	NOT-FOR-US: phpPowerCards
CVE-2009-4468 (Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 a ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4467 (misc.php in DeluxeBB 1.3 allows remote attackers to register accounts  ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4466 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4465 (DeluxeBB 1.3 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4464 (Cross-site scripting (XSS) vulnerability in searchadvance.asp in Activ ...)
	NOT-FOR-US: Active Business Directory
CVE-2009-4463 (Intellicom NetBiter WebSCADA devices use default passwords for the HIC ...)
	NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4462 (Stack-based buffer overflow in the NetBiterConfig utility (NetBiterCon ...)
	NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4461 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 ...)
	- flatpress <itp> (bug #466297)
CVE-2009-4460 (Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf Traff ...)
	NOT-FOR-US: Auto-Surf Traffic Exchange Script
CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the chara ...)
	- redmine 0.9.1-1 (bug #563940)
CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a  ...)
	{DSA-1985-1}
	- sendmail 8.14.3-9.1 (medium; bug #564581)
	NOTE: http://www.sendmail.org/releases/8.14.4
CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 a ...)
	NOT-FOR-US: FreePBX
CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module befor ...)
	- webmin <removed>
CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1 ...)
	NOT-FOR-US: Green Desktiny
CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security A ...)
	NOT-FOR-US: Cisco
CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user ...)
	- videocache <itp> (bug #505329)
CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter ActiveX contr ...)
	NOT-FOR-US: SoftCab Sound Converter ActiveX
CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Vir ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf upper 0 ...)
	NOT-FOR-US: kandalf upper
CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php in Live ...)
	NOT-FOR-US: LiveZilla
CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10 ...)
	NOT-FOR-US: MyBB
CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possi ...)
	NOT-FOR-US: MyBB
CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass authentication a ...)
	NOT-FOR-US: Jax Guestbook
CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGal ...)
	NOT-FOR-US: phpInstantGallery
CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in conjunctio ...)
	NOT-FOR-US: Microsoft
CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses only th ...)
	NOT-FOR-US: Microsoft
CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent search) funct ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory Server Enter ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4441 (Directory Proxy Server (DPS) in Sun Java System Directory Server Enter ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4440 (Directory Proxy Server (DPS) in Sun Java System Directory Server Enter ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4439 (Unspecified vulnerability in the Query Compiler, Rewrite, and Optimize ...)
	NOT-FOR-US: DB2
CVE-2009-4438 (The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 be ...)
	NOT-FOR-US: DB2
CVE-2009-4437 (Multiple SQL injection vulnerabilities in Active Auction House 3.6 all ...)
	NOT-FOR-US: Active Auction House 3.6
CVE-2009-4436 (Multiple SQL injection vulnerabilities in Active Web Softwares eWebqui ...)
	NOT-FOR-US: Active Web Softwares eWebquiz
CVE-2009-4435 (Multiple directory traversal vulnerabilities in F3Site 2009 allow remo ...)
	NOT-FOR-US: F3Site 2009
CVE-2009-4434 (Directory traversal vulnerability in index.php in IDevSpot iSupport 1. ...)
	NOT-FOR-US: IDevSpot
CVE-2009-4433 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSuppo ...)
	NOT-FOR-US: IDevSpot
CVE-2009-4432 (SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 all ...)
	NOT-FOR-US: CodeMight VideoCMS
CVE-2009-4431 (PHP remote file inclusion vulnerability in cal_popup.php in the Anythi ...)
	NOT-FOR-US: Joomla addon
CVE-2009-4430 (SQL injection vulnerability in index.php in VirtueMart 1.0 allows remo ...)
	NOT-FOR-US: VirtueMart
CVE-2009-4429 (Cross-site scripting (XSS) vulnerability in the Sections module 5.x be ...)
	NOT-FOR-US: Drupal addon
CVE-2009-4428 (SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) c ...)
	NOT-FOR-US: Joomla addon
CVE-2009-4427 (Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 a ...)
	{DSA-1965-1}
	- phpldapadmin 1.1.0.7-1.1 (medium; bug #561975)
	[etch] - phpldapadmin <not-affected> (Vulnerable code not present)
CVE-2009-4426 (Multiple directory traversal vulnerabilities in Ignition 1.2, when mag ...)
	NOT-FOR-US: Ignition
CVE-2009-4425 (Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 ...)
	NOT-FOR-US: iDevCart
CVE-2009-4424 (SQL injection vulnerability in results.php in the Pyrmont plugin 2 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2009-XXXX [ampache DoS and CSRF]
	- ampache 3.5.3-1 (low)
	[lenny] - ampache <no-dsa> (minor issue)
CVE-2009-4423 (SQL injection vulnerability in index.php in weenCompany 4.0.0 allows r ...)
	NOT-FOR-US: weenCompany
CVE-2009-4422 (Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArgum ...)
	- libphp-jpgraph <not-affected> (Vulnerable code not present)
CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP B ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Sec ...)
	NOT-FOR-US: F5 Networks BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM)
CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SI ...)
	NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows context-depen ...)
	- php5 <removed> (unimportant)
	NOTE: Only exploitable by malicious script, not treated as a security issue
	NOTE: per Debian PHP security policy
CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend Framew ...)
	NOTE: the CVE talks about the Zend Framework, but the culprit
	NOTE: is actually piwik
CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare  ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12 ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 allow ...)
	- serendipity 1.5.3-1 (low; bug #562634)
CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when runni ...)
	- acl 2.2.49-2 (low; bug #499076)
	[etch] - acl <not-affected> (Vulnerable code not present)
	[lenny] - acl <no-dsa> (Minor issue, symlink attack not always as root)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51
CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
	NOT-FOR-US: Internet Initiative Japan SEIL/B1 firmware
CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser i ...)
	NOT-FOR-US: PyForum
CVE-2009-4407 (Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum  ...)
	NOT-FOR-US: PyForum
CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American P ...)
	NOT-FOR-US: APC Switched Rack PDU AP7932 B2
CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknow ...)
	- trac 0.11.6-1 (low)
	[lenny] - trac <no-dsa> (Minor information disclosure)
CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allow ...)
	- t-prot 2.8-1 (low)
	[etch] - t-prot <no-dsa> (Minor issue)
	[lenny] - t-prot <no-dsa> (Minor issue)
CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...)
	NOT-FOR-US: Rumba XML
CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-4410 (The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file ...)
	- linux-2.6 2.6.32-1 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
CVE-2009-4401 (SQL injection vulnerability in the Parish Administration Database (ste ...)
	NOT-FOR-US: ste_parish_admin typo3 extension
CVE-2009-4400 (Cross-site scripting (XSS) vulnerability in the Parish Administration  ...)
	NOT-FOR-US: ste_parish_admin typo3 extension
CVE-2009-4399 (SQL injection vulnerability in the Parish of the Holy Spirit Religious ...)
	NOT-FOR-US: hs_religiousartgallery typo3 extension
CVE-2009-4398 (Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spi ...)
	NOT-FOR-US: hs_religiousartgallery typo3 extension
CVE-2009-4397 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth  ...)
	NOT-FOR-US: pd_resources typo3 extension
CVE-2009-4396 (SQL injection vulnerability in the Diocese of Portsmouth Resources Dat ...)
	NOT-FOR-US: pd_resources typo3 extension
CVE-2009-4395 (Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_p ...)
	NOT-FOR-US: ste_prayer2 typo3 extension
CVE-2009-4394 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) exten ...)
	NOT-FOR-US: ste_prayer2 typo3 extension
CVE-2009-4393 (SQL injection vulnerability in the Document Directorys (danp_documentd ...)
	NOT-FOR-US: danp_documentdirs
CVE-2009-4392 (SQL injection vulnerability in the XDS Staff List (xds_staff) extensio ...)
	NOT-FOR-US: xds_staff typo3 extension
CVE-2009-4391 (Cross-site scripting (XSS) vulnerability in the File list (dr_blob) ex ...)
	NOT-FOR-US: dr_blob typo3 extension
CVE-2009-4390 (SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 ...)
	NOT-FOR-US: car typo3 extension
CVE-2009-4389 (Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0 ...)
	NOT-FOR-US: aba_watchdog typo3 extension
CVE-2009-4388 (Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) e ...)
	NOT-FOR-US: nl_listman typo3 extension
CVE-2009-4387 (The cross-site scripting (XSS) protection mechanism in ShowInContentAr ...)
	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2009-4386 (SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur B ...)
	NOT-FOR-US: Venalsur Booking Centre Booking System
CVE-2009-4385 (Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptse ...)
	NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4384 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E ...)
	NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4383 (Directory traversal vulnerability in Pforum.php in Rocomotion P forum  ...)
	NOT-FOR-US: Rocomotion P forum
CVE-2009-4382 (Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS ...)
	NOT-FOR-US: PHPFABER CMS
CVE-2009-4381 (Cross-site scripting (XSS) vulnerability in index.php in texmedia Mill ...)
	NOT-FOR-US: texmedia Million Pixel Script
CVE-2009-4380 (Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3. ...)
	NOT-FOR-US: Valarsoft Webmatic
CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft Webma ...)
	NOT-FOR-US: Valarsoft Webmatic
CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows  ...)
	- wireshark <not-affected> (Windows-specific)
CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 a ...)
	{DSA-1983-1}
	- wireshark 1.2.5-1
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA  ...)
	- wireshark 1.2.5-1
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4374 (Directory traversal vulnerability in repository/repository_attachment. ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4373 (Unrestricted file upload vulnerability in repository/repository_attach ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM) 2.1.5,  ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module (modules ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module (modules/m ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module (module ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1 (low)
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unk ...)
	- centreon-web <itp> (bug #913903)
CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") i ...)
	NOT-FOR-US: Sitecore Staging Module
CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez  ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin.ph ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez  ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framewo ...)
	{DSA-1966-1}
	- horde3 3.3.6+debian0-1 (low)
CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users t ...)
	NOT-FOR-US: IBM AIX
CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users  ...)
	NOT-FOR-US: IBM AIX
CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the Conten ...)
	NOT-FOR-US: XOOPS
CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the SmartMed ...)
	NOT-FOR-US: XOOPS
CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure pe ...)
	NOT-FOR-US: freebsd-update
CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1  ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in Wina ...)
	NOT-FOR-US: Winamp
CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib ...)
	{DSA-1970-1}
	- openssl 0.9.8k-8 (low)
	[etch] - openssl <not-affected> (affects only 0.9.8f and later)
	NOTE: apache2 packages in squeeze/sid do not seem to allow exploit
CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not  ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Activ ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, ...)
	NOT-FOR-US: WSCreator
CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in administration/admi ...)
	NOT-FOR-US: Link Up Gold
CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold Bakker ...)
	NOT-FOR-US: Harold Bakker's NewsScript
CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in daloradius-users/login.php ...)
	NOT-FOR-US: daloRADIUS
CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news submitte ...)
	NOT-FOR-US: fe_rtenews typo3 extension
CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox)  ...)
	NOT-FOR-US: vShoutbox typo3 extension
CVE-2009-4344 (Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_lin ...)
	NOT-FOR-US: zid_linklist typo3 extension
CVE-2009-4343 (Cross-site scripting (XSS) vulnerability in the Training Company Datab ...)
	NOT-FOR-US: trainincdb typo3 extension
CVE-2009-4342 (SQL injection vulnerability in the Job Exchange (jobexchange) extensio ...)
	NOT-FOR-US: jobexchange typo3 extension
CVE-2009-4341 (SQL injection vulnerability in the No indexed Search (no_indexed_searc ...)
	NOT-FOR-US: no_indexed_search typo3 extension
CVE-2009-4340 (Cross-site scripting (XSS) vulnerability in the No indexed Search (no_ ...)
	NOT-FOR-US: no_indexed_search typo3 extension
CVE-2009-4339 (SQL injection vulnerability in the Subscription (mf_subscription) exte ...)
	NOT-FOR-US: mf_subscription typo3 extension
CVE-2009-4338 (SQL injection vulnerability in the Flash SlideShow (slideshow) extensi ...)
	NOT-FOR-US: slideshow typo3 extension
CVE-2009-4337 (SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_ ...)
	NOT-FOR-US: pd_calendar typo3 extension
CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth  ...)
	NOT-FOR-US: pd_calendar typo3 extension
CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored procedures in t ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before  ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 con ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities component ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM DB2 9. ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure component i ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2009-XXXX [libhaml-ruby XSS issue]
	- libhaml-ruby 2.2.8-1
CVE-2009-XXXX [roundup: unspecified issue]
	- roundup 1.4.11-1
CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in Mult ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-4323 (The installation for Zen Cart stores sensitive information and insecur ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to obta ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other v ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...)
	NOT-FOR-US: The Next Generation of Genealogy Sitebuilding
CVE-2009-4319 (PHP remote file inclusion vulnerability in js/bbcodepress/bbcode-form. ...)
	NOT-FOR-US: eoCMS
CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate M ...)
	NOT-FOR-US: Real Estate Manager
CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez  ...)
	NOT-FOR-US: ScriptsEz
CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in  ...)
	NOT-FOR-US: ZeeLyrics
CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...)
	NOT-FOR-US: Nuggetz CMS
CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group  ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 S ...)
	NOT-FOR-US: Microsoft
CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for Windows Med ...)
	NOT-FOR-US: Microsoft
CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows Medi ...)
	NOT-FOR-US: Microsoft
CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 filesyst ...)
	{DSA-2005-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kerne ...)
	{DSA-2443-1}
	- linux-2.6 2.6.32-2 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27)
CVE-2009-4306 (Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents)  ...)
	- linux-2.6 2.6.32-2 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-4291
	RESERVED
CVE-2009-4290
	RESERVED
CVE-2009-4289
	RESERVED
CVE-2009-4288
	RESERVED
CVE-2009-4287
	RESERVED
CVE-2009-4286
	RESERVED
CVE-2009-4285
	RESERVED
CVE-2009-4284
	RESERVED
CVE-2009-4283
	RESERVED
CVE-2009-4282
	RESERVED
CVE-2009-4281
	RESERVED
CVE-2009-4280
	RESERVED
CVE-2009-4279
	RESERVED
CVE-2009-4278
	RESERVED
CVE-2009-4277
	RESERVED
CVE-2009-4276
	REJECTED
CVE-2009-4275
	REJECTED
CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm befo ...)
	{DSA-2026-1 DTSA-206-1}
	- netpbm-free 2:10.0-12.2 (medium; bug #569060)
CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...)
	- systemtap 1.1-1 (bug #568865)
	[lenny] - systemtap <not-affected> (Server component not yet present)
	[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.1 ...)
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545411
CVE-2009-4271 (The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platform ...)
	- linux-2.6 2.6.18-1
CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
	{DSA-2080-1}
	- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication f ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://issues.apache.org/jira/browse/DERBY-4483
CVE-2009-4268
	REJECTED
CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line feeds, ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed]
	- gnome-screensaver 2.28.0-2 (low; bug #560895)
	[etch] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
	[lenny] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
	NOTE: the code in etch's version is more different but it seems to be affected
	NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=284c9924969a49dbf2d5fae1d680d3310c4df4a3
CVE-2009-5018 (Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier  ...)
	- gif2png 2.5.2-1 (low; bug #550978)
	[etch] - gif2png <no-dsa> (minor issue)
	[lenny] - gif2png <no-dsa> (minor issue)
CVE-2009-XXXX [browser-based css info disclosure]
	- xulrunner <unfixed> (unimportant; bug #560108)
	- webkit <unfixed> (unimportant; bug #560870)
	- qt4-x11 <unfixed> (unimportant; bug #561754)
	- kdelibs <unfixed> (unimportant; bug #561752)
	- kde4libs <removed> (unimportant; bug #561753)
	- kazehakase <unfixed> (unimportant; bug #560871)
	- epiphany-browser <unfixed> (unimportant; bug #560872)
	- galeon <unfixed> (unimportant; bug #560873)
	- dillo <unfixed> (unimportant; bug #560874)
	NOTE: Minor design issue
CVE-2009-XXXX [xpat2: save game permissions issue]
	- xpat2 1.07-17 (unimportant; bug #560087)
CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured Certific ...)
	- network-manager-applet 0.7.2-2 (low; bug #560067)
	[lenny] - network-manager-applet <not-affected> (WPA/enterprise was added in 0.7.2)
	- network-manager <not-affected> (vulnerable code is in -applet, which is a source package on its own as of 0.6.5)
CVE-2009-XXXX [unsafe xfs]
	- xfs 1:1.0.8-6 (low; bug #521107)
	[etch] - xfs <no-dsa> (minor issue)
	[lenny] - xfs 1:1.0.8-2.2+lenny1
CVE-2009-XXXX [xserver-xorg: inherits user's mask]
	- xorg-server 2:1.7.2-1 (low; bug #555308)
	[lenny] - xorg-server 2:1.4.2-10.lenny3
CVE-2009-4296 (SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and e ...)
	NOT-FOR-US: Taxonomy Timer module for Drupal
CVE-2009-4295 (Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA pri ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4294 (Unspecified vulnerability in the Authentication Manager (aka utauthd)  ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4293 (Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30  ...)
	NOT-FOR-US: Internet Initiative Japan
CVE-2009-4292 (Buffer overflow in the URL filtering function in Internet Initiative J ...)
	NOT-FOR-US: Internet Initiative Japan
CVE-2009-4266 (Cross-site scripting (XSS) vulnerability in search.php in YABSoft Adva ...)
	NOT-FOR-US: YABSoft Advanced Image Hosting (AIH) Script
CVE-2009-4265 (Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and po ...)
	NOT-FOR-US: Ideal Administration
CVE-2009-4264 (PHP remote file inclusion vulnerability in components/core/connect.php ...)
	NOT-FOR-US: AROUNDMe
CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 ...)
	NOT-FOR-US: PTCPay
CVE-2009-4262 (Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to obta ...)
	NOT-FOR-US: Harold Bakker's Newscript HB-NS
CVE-2009-XXXX [php-net-ping argument injection]
	- php-net-ping 2.4.2-1.1 (medium)
	[etch] - php-net-ping 2.4.2-1+etch1
	[lenny] - php-net-ping 2.4.2-1+lenny1
CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1 ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (medium; bug #559531)
	NOTE: MSA-09-0031
CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random pa ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (bug #559531)
	[lenny] - moodle <no-dsa> (Minor issue)
	[etch] - moodle <no-dsa> (Minor issue)
	NOTE: MSA-09-0029
CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hash ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0028
CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0027
CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MN ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0026
CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.1 ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (bug #559531)
	[lenny] - moodle <no-dsa> (Minor issue)
	[etch] - moodle <no-dsa> (Minor issue)
	NOTE: MSA-09-0025
CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 befor ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0024
CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0023
CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1 ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0022
CVE-2009-5042 (python-docutils allows insecure usage of temporary files ...)
	- python-docutils 0.6-2 (low; bug #560755)
	[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
	[lenny] - python-docutils 0.5-2+lenny1
	NOTE: CVE requested
CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator framewo ...)
	{DSA-1959-1}
	- ganeti 2.0.5-1 (low)
	NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
CVE-2009-4260
	RESERVED
CVE-2009-4259
	RESERVED
CVE-2009-4258
	RESERVED
CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlre ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...)
	NOT-FOR-US: AlefMentor
CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1 ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4254 (PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: PowerPhlogger
CVE-2009-4253 (Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlog ...)
	NOT-FOR-US: PowerPhlogger
CVE-2009-4252 (Cross-site scripting (XSS) vulnerability in images.php in Image Hostin ...)
	NOT-FOR-US: Image Hosting Script DPI
CVE-2009-4251 (Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Pai ...)
	NOT-FOR-US: Jasc Paint Shop Pro
CVE-2009-4250 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNew ...)
	NOT-FOR-US: CuteNews
CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNew ...)
	NOT-FOR-US: CuteNews
CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest functio ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4247 (Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetwo ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer  ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function  ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the Dat ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM Inf ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow  ...)
	NOT-FOR-US: TestLink
CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2009-4236 (The process function in data/class/pages/admin/customer/LC_Page_Admin_ ...)
	NOT-FOR-US: EC-CUBE
CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...)
	{DSA-1960-1}
	- acpid 1.0.6 (low; bug #560771)
	NOTE: all versions set umask(0), might be worth double-checking what it opens
CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtm ...)
	NOT-FOR-US: Micronet Network Access Controller
CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php i ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4232 (The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not prop ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4231 (Directory traversal vulnerability in as/lib/plugins.php in SweetRice 0 ...)
	NOT-FOR-US: SweetRice
CVE-2009-4230 (Multiple stack-based buffer overflows in src/Task.cc in the FastCGI pr ...)
	NOT-FOR-US: IIPImage Server
CVE-2009-4229 (Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bi ...)
	NOT-FOR-US: ActiveWebSoftwares Active Bids
CVE-2009-4226 (Race condition in the IP module in the kernel in Sun OpenSolaris snv_1 ...)
	NOT-FOR-US: OpenSolaris kernel
CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.d ...)
	NOT-FOR-US: PestPatrol
CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlie ...)
	- xfig <unfixed> (unimportant)
CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function in f_r ...)
	- xfig 1:3.2.5.b-1 (low; bug #559274)
	[lenny] - xfig <no-dsa> (Minor issue)
	[etch] - xfig <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12 ...)
	{DSA-2002-1}
	- polipo 1.0.4-2 (low; bug #560779)
	[etch] - polipo <no-dsa> (Minor issue)
	[lenny] - polipo <no-dsa> (Minor issue)
CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...)
	NOT-FOR-US: SweetRice
CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1 ...)
	NOT-FOR-US: KR-Web
CVE-2009-4222 (phpBazar 2.1.1fix and earlier does not require administrative authenti ...)
	NOT-FOR-US: phpBazar
CVE-2009-4221 (SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and ...)
	NOT-FOR-US: phpBazar
CVE-2009-4220 (PHP remote file inclusion vulnerability in includes/classes/pctemplate ...)
	NOT-FOR-US: PointComma
CVE-2009-4219 (Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX c ...)
	NOT-FOR-US: Haihaisoft Universal Player
CVE-2009-4218 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Ba ...)
	NOT-FOR-US: JiRo's Banner System eXperience (JBSX)
CVE-2009-4217 (SQL injection vulnerability in the Itamar Elharar MusicGallery (com_mu ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4216 (Directory traversal vulnerability in funzioni/lib/menulast.php in klin ...)
	NOT-FOR-US: klinza
CVE-2009-4215 (Panda Global Protection 2010, Internet Security 2010, and Antivirus Pr ...)
	NOT-FOR-US: Panda
CVE-2009-4213
	RESERVED
CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption func ...)
	{DSA-1969-1}
	- krb5 1.8+dfsg~alpha1-1
CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness  ...)
	NOT-FOR-US: U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script
CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Ser ...)
	NOT-FOR-US: Microsoft
CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: moziloCMS
CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS)  ...)
	NOT-FOR-US: Open-school
CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x bef ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million Dollar ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight Free Edit ...)
	NOT-FOR-US: Flashlight Free Edition
CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free Edition all ...)
	NOT-FOR-US: Flashlight Free Edition
CVE-2009-4203 (Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php  ...)
	NOT-FOR-US: Arab Portal
CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery (com_omp ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant Professiona ...)
	NOT-FOR-US: Mp3 Tag Assistant Professional
CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) component 1.2 ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos  ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill allows remo ...)
	NOT-FOR-US: MyMiniBill
CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7 ...)
	NOT-FOR-US: Huawei MT882 V100R002B020
CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple script ...)
	NOT-FOR-US: Huawei MT882 V100R002B020
CVE-2009-4195 (Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlie ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2009-4194 (Directory traversal vulnerability in Golden FTP Server 4.30 Free and P ...)
	NOT-FOR-US: Golden FTP
CVE-2009-4192 (Directory traversal vulnerability in dialog/file_manager.php in Inters ...)
	NOT-FOR-US: Interspire Knowledge Manager
CVE-2009-4191 (Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSola ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4190 (Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 all ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4189 (HP Operations Manager has a default password of OvW*busr1 for the ovwe ...)
	NOT-FOR-US: HP Operations Manager
CVE-2009-4188 (HP Operations Dashboard has a default password of j2deployer for the j ...)
	NOT-FOR-US: HP Operations Dashboard
CVE-2009-4187 (Multiple cross-site scripting (XSS) vulnerabilities in the Gateway com ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2009-4186 (Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allow ...)
	NOT-FOR-US: Apple Safari
CVE-2009-4185 (Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in H ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2009-4184 (Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECM ...)
	NOT-FOR-US: HP Enterprise Cluster Master Toolkit
CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 a ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a r ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Nod ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager ( ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenVie ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote atta ...)
	NOT-FOR-US: CuteNews
CVE-2009-4174 (The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews befor ...)
	NOT-FOR-US: CuteNews
CVE-2009-4173 (Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1. ...)
	NOT-FOR-US: CuteNews
CVE-2009-4172 (Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteN ...)
	NOT-FOR-US: CuteNews
CVE-2009-4171 (An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.21 ...)
	NOT-FOR-US: ActiveX
CVE-2009-4170 (WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, al ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-C ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_b ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 fo ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ext ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar (simple ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3. ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_se ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter a ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter configurati ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension befor ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in th ...)
	NOT-FOR-US: Joomla!
CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in Ci ...)
	NOT-FOR-US: Ciamos CMS
CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...)
	NOT-FOR-US: Eshopbuilde
CVE-2009-4154 (Directory traversal vulnerability in includes/feedcreator.class.php in ...)
	NOT-FOR-US: Elxis CMS
CVE-2009-4153 (Unspecified vulnerability in the XMLAccess component in IBM WebSphere  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration componen ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in  ...)
	{DSA-1944-1}
	- request-tracker3.6 3.6.9-2 (low)
	- request-tracker3.4 <removed>
CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and  ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA Se ...)
	NOT-FOR-US: CA Service Desk
CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...)
	NOT-FOR-US: DAZ Studio
CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld- ...)
	- kfreebsd-6 <not-affected> (the affected file -rtld.c-  is not in the archive, not even kFreeBSD)
CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld- ...)
	- kfreebsd-6 <not-affected> (the affected file -rtld.c-  is not in the archive, not even kFreeBSD)
CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection o ...)
	- network-manager-applet 0.7.2-2 (low; bug #563371)
	- network-manager <not-affected> (-editor introduced in 0.7 on the -applet package)
	[lenny] - network-manager-applet <not-affected> (-editor was introduced in 0.7)
CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has uns ...)
	{DSA-2001-1}
	- php5 5.2.12.dfsg.1-1 (low)
CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly h ...)
	{DSA-2001-1}
	- php5 5.2.12.dfsg.1-1 (medium)
CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in fs/fcntl ...)
	- linux-2.6 2.6.32-6
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...)
	- piwik <itp> (bug #506933)
CVE-2009-4139 (Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java  ...)
	NOT-FOR-US: spacewalk-java
CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when p ...)
	{DSA-2005-1}
	- linux-2.6 2.6.32-3 (medium)
	[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before  ...)
	- piwik <itp> (bug #506933)
CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1. ...)
	{DSA-1964-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 8.3.9-1 (low)
	- postgresql-8.4 8.4.2-1 (low)
CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 ...)
	- coreutils <not-affected> (this issue only affects the coreutils build process; bug #560898)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
CVE-2009-4134 (Buffer underflow in the rgbimg module in Python 2.5 allows remote atta ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2009-4132
	REJECTED
CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the e ...)
	- linux-2.6 2.6.32-2 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (introduced in 2.6.31)
CVE-2009-XXXX [monkey DoS]
	- monkey 0.9.3-1 (low)
	[lenny] - monkey <no-dsa> (Minor issue, fringe package)
CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function  ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...)
	- grub2 1.97+20091115-1 (bug #555195)
	[lenny] - grub2 <not-affected> (Password authentication not yet present)
	- grub <not-affected> (only affects grub2)
CVE-2009-4127 (Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9. ...)
	NOT-FOR-US: Wikipedia Toolbar extension for Firefox
CVE-2009-4126
	RESERVED
CVE-2009-4125
	RESERVED
CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in string.c  ...)
	- ruby1.9.1 1.9.1.376-1
	- ruby1.9 <removed> (bug #572817)
	- ruby1.8 <not-affected>
	NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
CVE-2009-4123
	RESERVED
CVE-2009-4122
	RESERVED
CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CM ...)
	NOT-FOR-US: Quick CMS
CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Ca ...)
	NOT-FOR-US: Quick.Cart
CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.ex ...)
	NOT-FOR-US: Cisco VPN client for Windows
CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before  ...)
	NOT-FOR-US: MuPDF
CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6 ...)
	NOT-FOR-US: CutePHP
CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories modul ...)
	NOT-FOR-US: CutePHP CuteNews
CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ver ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-4113 (Static code injection vulnerability in the Categories module in CutePH ...)
	NOT-FOR-US: CutePHP CuteNews
CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent an ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-4108 (XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2009-4107 (Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remo ...)
	NOT-FOR-US: Invisible Browsing
CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...)
	NOT-FOR-US: Agoko CMS
CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a d ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyfte ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allow ...)
	NOT-FOR-US: Robo-FTP
CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain operatio ...)
	{DSA-1951-1}
	- firefox-sage 1.4.3-4 (medium; bug #559267)
CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ope ...)
	NOT-FOR-US: infoRSS extension for Firefox
CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain operations w ...)
	NOT-FOR-US: Yoono extension for Firefox
CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar (com_gcal ...)
	NOT-FOR-US: Joomla! Component
CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ads ...)
	- openx <itp> (bug #513771)
CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...)
	NOT-FOR-US: Serenity Audio Player
CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web roo ...)
	NOT-FOR-US: RADIO istek scripti
CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an  ...)
	NOT-FOR-US: myPhile
CVE-2009-4094 (PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav. ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...)
	NOT-FOR-US: Simplog
CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...)
	NOT-FOR-US: Simplog
CVE-2009-4091 (comments.php in Simplog 0.9.3.2, and possibly earlier, does not proper ...)
	NOT-FOR-US: Simplog
CVE-2009-4090 (Unrestricted file upload vulnerability in ajax/addComment.php in telep ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4089 (telepark.wiki 2.4.23 and earlier allows remote attackers to bypass aut ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4088 (Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 a ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4087 (Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4086 (CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allow ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-4085 (PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_i ...)
	NOT-FOR-US: PHP Traverser
CVE-2009-4084 (SQL injection vulnerability in the search feature in e107 0.7.16 and e ...)
	NOT-FOR-US: e107
CVE-2009-4083 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and ...)
	NOT-FOR-US: e107
CVE-2009-4082 (PHP remote file inclusion vulnerability in forums/Forum_Include/index. ...)
	NOT-FOR-US: Outreach Project Tool
CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...)
	- dstat <not-affected> (Fixed/tracked as CVE-2009-3894)
	NOTE: This second ID is about the same issue, but for an older version, see
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=293497
	NOTE: For Debian we'll just use CVE-2009-3894 and mark this one as not-affected
CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP cl ...)
	NOT-FOR-US: ldap_cachemgr in Sun Solaris
CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and e ...)
	- redmine 0.9.0~svn2902-1
CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 a ...)
	- redmine 0.9.0~svn2902-1
CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ...)
	- roundcube 0.3-1
CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0 ...)
	- roundcube 0.3-1
CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun Sola ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
	{DSA-2301-1 DSA-2260-1}
	- rails 2.2.3-2 (low; bug #558685)
	NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows rem ...)
	NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places scr ...)
	NOT-FOR-US: Opera
CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly othe ...)
	{DSA-1818-1}
	- gforge 4.7.3-2
CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14,  ...)
	{DSA-1818-1}
	- gforge 4.7.3-2
CVE-2009-4068
	RESERVED
CVE-2009-4067 (Buffer overflow in the auerswald_probe function in the Auerswald Linux ...)
	{DSA-2310-1}
	- linux-2.6 2.6.28-1 (low)
	NOTE: Driver was removed in 2.6.27
CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the S ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the Printfriend ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement m ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in Cu ...)
	NOT-FOR-US: CubeCart
CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component f ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction Scri ...)
	NOT-FOR-US: Telebid Auction Script
CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (co ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5  ...)
	NOT-FOR-US: Betsy CMS
CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27 ...)
	{DSA-1952-1}
	- asterisk 1:1.6.2.0~rc7-1 (bug #559103)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-4054
	REJECTED
CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1 ...)
	NOT-FOR-US: Home FTP Server
CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget  ...)
	NOT-FOR-US: IBM Rational Application Developer for WebSphere
CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Home FTP Server
CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro 2. ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in a ...)
	NOT-FOR-US: avast
CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated  ...)
	NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1 ...)
	NOT-FOR-US: PHD Help Desk
CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...)
	[experimental] - cacti 1.2.0~beta2+ds1-1
	- cacti 1.2.1+ds1-1 (unimportant; bug #561339)
	NOTE: 4B0E1566.1070509@moritz-naumann.com in bugtraq
	NOTE: as one requires admin access to cacti, upstream will implement a whitelist
	NOTE: https://github.com/Cacti/cacti/issues/1072
CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e al ...)
	{DSA-1954-1}
	- cacti 0.8.7e-1.1 (low; bug #561338)
	NOTE: http://docs.cacti.net/#cross-site_scripting_fixes
	NOTE: http://www.cacti.net/download_patches.php
	NOTE: incomplete, probably another CVE id will be allocated: https://bugzilla.redhat.com/show_bug.cgi?id=541279#c17
CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x b ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before  ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4044 (The Web Services module 6.x for Drupal does not perform the expected a ...)
	NOT-FOR-US: Web Services module for Drupal
CVE-2009-4043 (Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x be ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4042 (Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x be ...)
	NOT-FOR-US: theme for Drupal
CVE-2009-4041 (UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: UseBB
CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...)
	NOT-FOR-US: phpMyFAQ
CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...)
	- piwigo <not-affected> (Fixed before initial upload to the archive)
CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software Ax ...)
	NOT-FOR-US: NCH Software Axon Virtual PBX
CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before  ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4036
	REJECTED
CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
	- kdegraphics 4:4.0.0-1
	- xpdf 3.01-1
	- poppler 0.5.1-1
	- swftools 0.9.2+ds1-2
	NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14
	NOTE: but at least version 0.4.5 does *not* contain the ship.
	NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1. ...)
	{DSA-1964-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 8.3.9-1 (low)
	- postgresql-8.4 8.4.2-1 (low)
CVE-2009-4033 (A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to ...)
	- acpid <not-affected> (problem in redhat-specific patch; debian uses sensible permissions 0664)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=515062
CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulat ...)
	{DSA-1962-1}
	- linux-2.6 2.6.32-3 (low)
	[lenny] - linux-2.6 2.6.26-21
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed> (low; bug #562075)
CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain privile ...)
	{DSA-1997-1}
	- mysql-5.1 5.1.43-1
	- mysql-dfsg-5.0 <removed>
CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, an ...)
	- automake 1:1.4-p6-13.1
	[lenny] - automake <no-dsa> (Minor issue)
	- automake1.9 1.9.6+nogfdl-3.1
	[lenny] - automake1.9 <no-dsa> (Minor issue)
	- automake1.7 1.7.9-9.1
	[lenny] - automake1.7 <no-dsa> (Minor issue)
	- automake1.10 1:1.10.3-1
	[lenny] - automake1.10 <no-dsa> (Minor issue)
	NOTE: spu will be released to avoid spreading the bug even further
	NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x b ...)
	- mysql-5.1 <not-affected> (Vulnerable code not present)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
	NOTE: built with --without-openssl
CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before 2. ...)
	{DSA-1996-1 DTSA-204-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.26)
	- linux-2.6.24 <not-affected> (introduced in 2.6.26)
CVE-2009-4026 (The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-2009 ...)
	{DTSA-204-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.30)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.30)
	- linux-2.6.24 <not-affected> (introduced in 2.6.30)
CVE-2009-4025 (Argument injection vulnerability in the traceroute function in Tracero ...)
	NOT-FOR-US: Net_Traceroute PEAR module
CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php in t ...)
	{DSA-1949-1}
	- php-net-ping 2.4.2-1.1 (medium)
	NOTE: fix applied by upstream is incomplete, reported to oss-sec
CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail pack ...)
	{DSA-1938-1}
	- php-mail 1.1.14-2 (medium; bug #557121)
	[lenny] - php-mail 1.1.14-1+lenny1
	[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...)
	{DSA-1938-1}
	- php-mail 1.1.14-2 (medium; bug #557121)
	[lenny] - php-mail 1.1.14-1+lenny1
	[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before  ...)
	{DSA-1961-1}
	- bind9 1:9.6.1.dfsg.P2-1 (medium)
	NOTE: https://www.isc.org/node/504
	NOTE: Only affects installations with trust anchors, but then the
	NOTE: consequences are quite severe.
CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2 ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-3 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ( ...)
	{DSA-1997-1}
	- mysql-5.1 5.1.41-1
	- mysql-dfsg-5.0 <removed>
	NOTE: http://web.archive.org/web/20140722233305/http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
	NOTE: http://web.archive.org/web/20140723045533/http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
	NOTE: http://bugs.mysql.com/47780
	NOTE: http://bugs.mysql.com/48291
CVE-2009-4018 (The proc_open function in ext/standard/proc_open.c in PHP before 5.2.1 ...)
	- php5 5.2.11.dfsg.1-1 (unimportant)
	NOTE: safe_mode bypass
CVE-2009-4016 (Integer underflow in the clean_string function in irc_string.c in (1)  ...)
	{DSA-1980-1}
	- ircd-ratbox 3.0.6.dfsg-1 (medium; bug #567191)
	- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (medium; bug #567192)
	- oftc-hybrid 1.6.3.dfsg-1.1 (medium; bug #567193)
CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x befor ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4014 (Multiple format string vulnerabilities in Lintian 1.23.x through 1.23. ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x through ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow contex ...)
	{DSA-1971-1}
	- libthai 0.1.13-1
CVE-2009-4011 (dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an atta ...)
	- dtc-xen 0.5.4-1
	[lenny] - dtc-xen <not-affected> (Only affects 0.5.x)
CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows r ...)
	{DSA-1968-2 DSA-1968-1}
	- pdns-recursor 3.1.7.2-1 (high)
CVE-2009-4009 (Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote atta ...)
	{DSA-1968-1}
	- pdns-recursor 3.1.7.2-1 (high)
	[etch] - pdns-recursor <not-affected> (vulnerable code not present)
CVE-2009-4008 (Unbound before 1.4.4 does not send responses for signed zones after mi ...)
	{DSA-2243-1}
	- unbound 1.4.4-1 (low)
CVE-2009-4007 (Unspecified vulnerability in the NormaliseTrainConsist function in src ...)
	- openttd 0.7.5-1
	[lenny] - openttd 0.6.2-1+lenny1
CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
	NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the L ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote attackers  ...)
	NOT-FOR-US: XnView
CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP P ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power M ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-3998
	RESERVED
CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Win ...)
	NOT-FOR-US: winamp
CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug- ...)
	{DSA-2071-1}
	- libmikmod 3.1.11-6.2 (bug #575742)
	- pysol-sound-server <removed> (unimportant)
	NOTE: pysol-sound-server embeds a mikmod copy, but only reads to local files
CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Dec ...)
	{DSA-2081-1 DSA-2071-1}
	- libmikmod 3.1.11-6.2 (bug #575742)
	- pysol-sound-server <removed> (unimportant)
	NOTE: pysol-sound-server embeds a mikmod copy, but only reads to local files
CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in src-IL/src/il_di ...)
	- devil 1.7.8-6 (low; bug #560080)
	[lenny] - devil <no-dsa> (Minor issue)
	[etch] - devil <no-dsa> (Minor issue)
CVE-2009-3993
	REJECTED
CVE-2009-3992
	REJECTED
CVE-2009-3991
	REJECTED
CVE-2009-3990
	REJECTED
CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3. ...)
	- bugzilla 3.4.7.0-1 (unimportant)
	NOTE: http://www.bugzilla.org/security/3.0.10/
CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMon ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3 ...)
	- xulrunner <not-affected> (Windows-specific vulnerability)
CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey be ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	- xulrunner 1.9.1.6-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla Firefox bef ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1
	NOTE: Only affects Firefox 3
CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner 1.9.1.6-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
	- xulrunner 1.9.1.5-1 (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ActiveDom.oc ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to caus ...)
	NOT-FOR-US: Labtam ProFTP
CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2. ...)
	NOT-FOR-US: Moa Gallery
CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...)
	NOT-FOR-US: Invision Power Board
CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade Script allo ...)
	NOT-FOR-US: Turnkey Arcade Script
CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirl ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 a ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka Websit ...)
	NOT-FOR-US: PHP Dir Submit
CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote attacker ...)
	NOT-FOR-US: Faslo Player
CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote a ...)
	NOT-FOR-US: ITechBids
CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow SuperCharged L ...)
	NOT-FOR-US: Ed Charkow SuperCharged Linking
CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Arcade Trade Script
CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 1.0 all ...)
	NOT-FOR-US: New 5 star Rating
CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) com ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3898 (Directory traversal vulnerability in src/http/modules/ngx_http_dav_mod ...)
	- nginx 0.7.63-1 (low; bug #557389)
	[etch] - nginx <no-dsa> (upload rights required)
	[lenny] - nginx <no-dsa> (upload rights required)
CVE-2009-3897 (Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ce ...)
	- dovecot 1:1.2.8-1 (medium; bug #557601)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
	[etch] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2009-4017 (PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number  ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-2 (medium)
	- php4 <removed> (medium)
	NOTE: workarounds include using 5.3.1 or php5-suhosin
	NOTE: 4B068517.802@acunetix.com on bugtraq explains it
CVE-2009-3080 (Array index error in the gdth_read_event function in drivers/scsi/gdth ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have  ...)
	NOT-FOR-US: XOOPS
CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW,  ...)
	NOT-FOR-US: 2wire Gateway
CVE-2009-3961 (SQL injection vulnerability in user.php in Super Serious Stats (aka su ...)
	NOT-FOR-US: Super Serious Stats
CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveC ...)
	NOT-FOR-US: LiveCycle
CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems getPlus  ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3956 (The default configuration of Adobe Reader and Acrobat 9.x before 9.3,  ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3955 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and  ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3952 (Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illust ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
	NOT-FOR-US: Flash Player
CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus SunTrac ...)
	NOT-FOR-US: Bractus SunTrack
CVE-2009-3949 (cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not req ...)
	NOT-FOR-US: VivaPrograms Infinity
CVE-2009-3948 (JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a d ...)
	NOT-FOR-US: JetAudio
CVE-2009-3947 (Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows rem ...)
	NOT-FOR-US: Tandberg MXP F7.0
CVE-2009-3946 (Joomla! before 1.5.15 allows remote attackers to read an extension's X ...)
	NOT-FOR-US: Joomla!
CVE-2009-3945 (Unspecified vulnerability in the Front-End Editor in the com_content c ...)
	NOT-FOR-US: component in Joomla!
CVE-2009-3944 (Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 all ...)
	NOT-FOR-US: BlackBerry Browser on the BlackBerry 8800
CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0. ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not pro ...)
	- msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324)
CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not prop ...)
	- mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326)
CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6 ...)
	- virtualbox-guest-additions 3.0.10-1
CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel  ...)
	{DSA-1996-1}
	- linux-2.6 2.6.32-6 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <removed> (low)
CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x ...)
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm 88+dfsg-2 (medium; bug #557736)
	[lenny] - kvm <not-affected> (vulnerable code not present)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a9e38c3e01ad242fe2a625354cf065c34b01e3aa
CVE-2009-3937 (Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through  ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-3936 (Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x  ...)
	NOT-FOR-US: Citrix Online Plug-in
CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, allo ...)
	- webkit <not-affected> (chromium-specific issue in their timer)
	- qt4-x11 <not-affected> (chromium-specific issue in their timer)
	- kdelibs <not-affected> (chromium-specific issue in their timer)
	- kde4libs <not-affected> (chromium-specific issue in their timer)
	- chromium-browser <not-affected> (Only 0.x is affected)
CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows user-assist ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (gears is only implemented in chromium)
CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow u ...)
	- file 5.03-1
	[lenny] - file <not-affected>
	[etch] - file <not-affected>
CVE-2009-3929
	REJECTED
CVE-2009-3928
	REJECTED
CVE-2009-3927
	REJECTED
CVE-2009-3926
	REJECTED
CVE-2009-3925
	REJECTED
CVE-2009-XXXX [eglibc: ldd arbitrary code execution]
	- eglibc 2.10.1-7 (unimportant; bug #552518)
	- glibc 2.10.1-7 (unimportant; bug #552518)
CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and poss ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2009-3923 (The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Inf ...)
	NOT-FOR-US: Sun Virtual Desktop Infrastructure
CVE-2009-3922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3921 (The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3 ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3920 (An administration page in the NGP COO/CWP Integration (crmngp) module  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3919 (Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integratio ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3918 (Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x bef ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3917 (Cross-site scripting (XSS) vulnerability in the S5 Presentation Player ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3916 (Cross-site scripting (XSS) vulnerability in the Node Hierarchy module  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3915 (Cross-site scripting (XSS) vulnerability in the "Separate title and UR ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3914 (Cross-site scripting (XSS) vulnerability in the Temporary Invitation m ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3913 (SQL injection vulnerability in summary.php in Xerox Fiery Webtools all ...)
	NOT-FOR-US: Xerox Fiery Webtools
CVE-2009-3912 (Directory traversal vulnerability in index.php in TFTgallery 0.13 allo ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3911 (Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3910
	RESERVED
CVE-2009-3909 (Integer overflow in the read_channel_data function in plug-ins/file-ps ...)
	- gimp 2.6.7-1.1 (medium; bug #556750)
	NOTE: http://secunia.com/secunia_research/2009-43/
CVE-2009-3908
	REJECTED
CVE-2009-3907
	REJECTED
CVE-2009-3906
	REJECTED
CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS a ...)
	NOT-FOR-US: e-Courier CMS
CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not proper ...)
	NOT-FOR-US: CubeCart
CVE-2009-3903 (Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp ...)
	NOT-FOR-US: ManageEngine Netflow Analyzer 7.5 build 7500
CVE-2009-3902 (Directory traversal vulnerability in Cherokee Web Server 0.5.4 and ear ...)
	- cherokee <not-affected> (Only windows version is affected)
CVE-2009-3901 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS a ...)
	NOT-FOR-US: e-Courier CMS
CVE-2009-3900 (Unspecified vulnerability in the Cluster Management component in IBM P ...)
	NOT-FOR-US: IBM PowerHA
CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14 ...)
	{DSA-1920-1}
	- nginx 0.7.62-1
CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...)
	- libexif 0.6.19-1 (medium; bug #557137)
	[lenny] - libexif <not-affected> (Only 0.6.18 is affected)
	[etch] - libexif <not-affected> (Only 0.6.18 is affected)
CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.7.0 a ...)
	- dstat 0.7.0-1 (low; bug #557989)
	[lenny] - dstat <no-dsa> (Minor issue)
	[etch] - dstat <no-dsa> (Minor issue)
	NOTE: http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
CVE-2009-3893
	RESERVED
CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...)
	- wordpress 2.8.6-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype functi ...)
	- wordpress 2.8.6-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel befor ...)
	{DSA-2005-1}
	- linux-2.6 2.6.27-1 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2. ...)
	- linux-2.6 <not-affected> (Vulnerable code not built)
	- linux-2.6.24 <not-affected> (Vulnerable code not built)
CVE-2009-3887 (ytnef has directory traversal ...)
	- ytnef <removed> (bug #567631)
	[lenny] - ytnef <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
	NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 do ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows all ...)
	- openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms)
	- sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=530114
CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 an ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in Su ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK,  ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32Graph ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspeci ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Upd ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Upd ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) i ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update  ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in J ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the Abstra ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before  ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in  ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Up ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime Env ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
	- openjdk-6 6b17 (unimportant)
	- sun-java6 6-17-1 (unimportant)
	NOTE: a problem in their updater, which is irrelevant since debian
	NOTE: updates are provided by the security team
CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise  ...)
	NOT-FOR-US: ActiveX
CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and e ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-3861 (Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and ...)
	NOT-FOR-US: SafeNet SoftRemote
CVE-2009-3860 (Multiple insecure method vulnerabilities in Idefense Labs COMRaider al ...)
	NOT-FOR-US: Idefense Labs COMRaider
CVE-2009-3859 (Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retin ...)
	NOT-FOR-US: Retina Network Security Scanner
CVE-2009-3858 (Cross-site scripting (XSS) vulnerability in GejoSoft allows remote att ...)
	NOT-FOR-US: GejoSoft
CVE-2009-3857 (Buffer overflow in Softonic International SciTE 1.72 allows user-assis ...)
	NOT-FOR-US: Softonic International SciTE
CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ i ...)
	NOT-FOR-US: Twilight CMS
CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux bac ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in I ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD) schedu ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for Jav ...)
	NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of  ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execut ...)
	- blender <unfixed> (unimportant)
	NOTE: attack vector is social engineering to get the user to open
	NOTE: a malicious .blend file. by design, blend files support
	NOTE: all python operations, so ultimately any code can be executed
CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node Mana ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3847 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Net ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView Dat ...)
	NOT-FOR-US: HP OpenView Data Protector Application
CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in t ...)
	NOT-FOR-US: HP Operations Manager
CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...)
	NOT-FOR-US: HP Color LaserJet
CVE-2009-3841 (Unspecified vulnerability in HP Discovery & Dependency Mapping Inv ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping
CVE-2009-3840 (The embedded database engine service (aka ovdbrun.exe) in HP OpenView  ...)
	NOT-FOR-US: HP OpenView
CVE-2009-3839 (Unspecified vulnerability in the Solaris Trusted Extensions Policy con ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3838 (Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly  ...)
	NOT-FOR-US: Pegasus Mail
CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 se ...)
	NOT-FOR-US: Eureka Email
CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aru ...)
	NOT-FOR-US: ArubaOS
CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for Joo ...)
	NOT-FOR-US: Joomla!
CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...)
	NOT-FOR-US: Joomla!
CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0. ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ren ...)
	NOT-FOR-US: Opera
CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Opera
CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ShareP ...)
	NOT-FOR-US: Microsoft
CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows rem ...)
	{DSA-1942-1}
	- wireshark 1.2.2-1 (bug #553583)
CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...)
	NOT-FOR-US: Everfocus EDR1600 DVR
CVE-2009-3827
	RESERVED
CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to  ...)
	{DSA-2040-1}
	- squidguard 1.2.0-9 (low; bug #553319)
CVE-2009-3825 (Multiple directory traversal vulnerabilities in GenCMS 2006 allow remo ...)
	NOT-FOR-US: GenCMS
CVE-2009-3824 (Directory traversal vulnerability in include/processor.php in Greenwoo ...)
	NOT-FOR-US: Greenwood PHP Content Manager
CVE-2009-3823 (Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, ...)
	NOT-FOR-US: Mobilelib GOLD
CVE-2009-3822 (PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat ( ...)
	NOT-FOR-US: com_ajaxchat component for Joomla
CVE-2009-3821 (Cross-site scripting (XSS) vulnerability in the Apache Solr Search (so ...)
	NOT-FOR-US: Apache Solr Search extension for TYPO3
CVE-2009-3820 (SQL injection vulnerability in the Flagbit Filebase (fb_filebase) exte ...)
	NOT-FOR-US: Flagbit Filebase extension for TYPO3
CVE-2009-3819 (Unspecified vulnerability in the Random Images (maag_randomimage) exte ...)
	NOT-FOR-US: Random Images extension for TYPO3
CVE-2009-3818 (Unspecified vulnerability in the session handling feature in freeCap C ...)
	NOT-FOR-US: freeCap CAPTCHA for TYPO3
CVE-2009-3817 (PHP remote file inclusion vulnerability in doc/releasenote.php in the  ...)
	NOT-FOR-US: com_booklibrary component for Joomla!
CVE-2009-3816 (Multiple cross-site scripting (XSS) vulnerabilities in Activities page ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2009-3815 (RunCMS 2M1, when running with certain error_reporting levels, allows r ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3814 (Static code injection vulnerability in RunCMS 2M1 allows remote authen ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3813 (Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote auth ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3812 (Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio  ...)
	NOT-FOR-US: OtsAV products
CVE-2009-3811 (Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows  ...)
	NOT-FOR-US: Music Tag Editor
CVE-2009-3810 (Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows r ...)
	NOT-FOR-US: Acoustica MP3 Audio Mixer
CVE-2009-3809 (Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attacke ...)
	NOT-FOR-US: Acoustica MP3 Audio Mixer
CVE-2009-3808 (MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: MixSense DJ Studio
CVE-2009-3807 (Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attack ...)
	NOT-FOR-US: MixVibes
CVE-2009-3806 (SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows r ...)
	NOT-FOR-US: DedeCMS
CVE-2009-3805 (gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows rem ...)
	NOT-FOR-US: Gpg4win
	NOTE: looks like an issue in gpg2 for windows (gpg4win.org), not specific
	NOTE: to kleopatra
CVE-2009-3804 (Multiple SQL injection vulnerabilities in modules/forum/post.php in Ru ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3803 (Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0 ...)
	NOT-FOR-US: Amiro.CMS
CVE-2009-3802 (Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Amiro.CMS
CVE-2009-3801 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows re ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-XXXX [multiple missing input sanity checks in KDE]
	- kdelibs 4:3.5.10.dfsg.1-3 (low)
	- kde4libs 4:4.3.4-1 (low)
	[lenny] - kde4libs <no-dsa> (Minor issue)
	[lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited)
	[etch] - kdelibs <no-dsa> (minor and unlikely to be exploited)
	NOTE: http://www.ocert.org/advisories/ocert-2009-015.html
	NOTE: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/pre-2014-advisories/
	NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively)
	NOTE: but the "fixes" linked from the advisory only change code in kdelibs
	NOTE: more info at oss-sec threads
CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in A ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 m ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3795
	REJECTED
CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3793 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) be ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.5 ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3 ...)
	NOT-FOR-US: FormMax
CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2. ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-3788 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows re ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-3787 (files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct dire ...)
	NOT-FOR-US: Vivvo CMS
CVE-2009-3786 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabu ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3785 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simplene ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3784 (Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3783 (Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3782 (Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module f ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3781 (The filefield_file_download function in FileField 6.x-3.1, a module fo ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3780 (Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 a ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 a ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2,  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-5045 (Dump Servlet information leak in jetty before 6.1.22. ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5047
	REJECTED
CVE-2009-5048 (Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20. ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5049 (WebApp JSP Snoop page XSS in jetty through 6.1.21. ...)
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-XXXX [cherokee 0.5.4 DoS]
	- cherokee <not-affected> (not reproducible)
	NOTE: <4089.110.37.64.157.1256562313.squirrel@mail.xc0re.net> in bugtraq
	NOTE: not reproducible in etch's 0.5.5 nor sid's 0.99.22-1.1
CVE-2009-3777
	RESERVED
CVE-2009-3776
	RESERVED
CVE-2009-3775
	RESERVED
CVE-2009-3774
	RESERVED
CVE-2009-3773
	RESERVED
CVE-2009-3772
	RESERVED
CVE-2009-3771
	RESERVED
CVE-2009-3770
	RESERVED
CVE-2009-3769
	RESERVED
CVE-2009-3768
	RESERVED
CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other  ...)
	{DSA-1943-1}
	- openldap 2.4.17-2.1 (low; bug #553432)
	- openldap2.3 <removed>
CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenS ...)
	- mutt <not-affected> (uses GnuTLS and not OpenSSL)
	NOTE: our mutt is linked against gnutls, bug #553433
CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not p ...)
	- mutt <not-affected> (uses GnuTLS and not OpenSSL)
	NOTE: our mutt is linked against gnutls
CVE-2009-3764 (Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO E ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3763 (Unspecified vulnerability in the Access Manager / OpenSSO component in ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3762 (Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remo ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3761
	RESERVED
CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the s ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in sample c ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3758 (SQL injection vulnerability in login.php in sample code in the XenServ ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3757 (Multiple cross-site scripting (XSS) vulnerabilities in sample code in  ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3756 (phpBMS 0.96 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: phpBMS
CVE-2009-3755 (Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 all ...)
	NOT-FOR-US: phpBMS
CVE-2009-3754 (Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote att ...)
	NOT-FOR-US: phpBMS
CVE-2009-3753 (Unrestricted file upload vulnerability in Opial 1.0 allows remote atta ...)
	NOT-FOR-US: Opial
CVE-2009-3752 (SQL injection vulnerability in home.php in Opial 1.0 allows remote att ...)
	NOT-FOR-US: Opial
CVE-2009-3751 (Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 allo ...)
	NOT-FOR-US: Opial
CVE-2009-3750 (SQL injection vulnerability in read.php in ToyLog 0.1 allows remote at ...)
	NOT-FOR-US: ToyLog
CVE-2009-3749 (The Web Administrator service (STEMWADM.EXE) in Websense Personal Emai ...)
	NOT-FOR-US: Websense Personal Email Manager
CVE-2009-3748 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Adminis ...)
	NOT-FOR-US: Websense Personal Email Manager
CVE-2009-3747 (Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 ...)
	NOT-FOR-US: TBmnetCMS
CVE-2009-3746 (XScreenSaver in Sun Solaris 10, when the accessibility feature is enab ...)
	NOT-FOR-US: XScreenSaver in Sun Solaris 10
CVE-2009-3745 (Cross-site scripting (XSS) vulnerability in the help pages in IBM Rati ...)
	NOT-FOR-US: IBM Rational AppScan Enterprise Edition
CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote atta ...)
	NOT-FOR-US: EMC RepliStor
CVE-2009-3743 (Off-by-one error in the Ins_MINDEX function in the TrueType bytecode i ...)
	- ghostscript 8.71~dfsg-1
CVE-2009-3742 (Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3. ...)
	- liferay-portal <itp> (bug #569819)
CVE-2009-3741
	REJECTED
CVE-2009-3740
	RESERVED
CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB Mic ...)
	NOT-FOR-US: Micrologix
CVE-2009-3738
	RESERVED
CVE-2009-3737 (The Oracle Siebel Option Pack for IE ActiveX control does not properly ...)
	NOT-FOR-US: Oracle Siebel Option Pack
CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as us ...)
	{DSA-1958-1}
	- libtool 2.2.6b-1 (low; bug #559797)
	- arts <not-affected> (Uses absolute path to the sound backend)
	- bochs <not-affected> (additional hardening in this package prevents this type of attack; bug #559799)
	- camserv <removed> (low; bug #559800)
	NOTE: requested camserv removal
	[lenny] - camserv <no-dsa> (Minor issue)
	[etch] - camserv <no-dsa> (Minor issue)
	- collectd 4.8.2-1 (low; bug #559801)
	[lenny] - collectd <no-dsa> (Minor issue)
	[etch] - collectd <no-dsa> (Minor issue)
	- cvsnt 2.5.04.3236-1.2 (low; bug #559803)
	[etch] - cvsnt <no-dsa> (Minor issue)
	[lenny] - cvsnt <no-dsa> (Minor issue)
	- ggobi 2.1.9~20091212-1 (low; bug #559806)
	[etch] - ggobi <no-dsa> (Minor issue)
	[lenny] - ggobi <no-dsa> (Minor issue)
	- gnash 0.8.7-2 (low; bug #559808)
	[lenny] - gnash <no-dsa> (Minor issue)
	- gnu-smalltalk 3.1-2 (low; bug #559809)
	[lenny] - gnu-smalltalk <no-dsa> (Minor issue)
	[etch] - gnu-smalltalk <no-dsa> (Minor issue)
	- graphicsmagick 1.3.5-6 (low; bug #559811)
	[lenny] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
	[etch] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
	- guile-1.6 1.6.8-7 (low; bug #559813)
	[etch] - guile-1.6 <no-dsa> (Minor issue)
	[lenny] - guile-1.6 <no-dsa> (Minor issue)
	- hamlib 1.2.10-1 (low; bug #559814)
	[lenny] - hamlib 1.2.7.1-1+lenny1
	[etch] - hamlib <no-dsa> (Minor issue)
	- hercules 3.06-1.2 (low; bug #559815)
	[lenny] - hercules <no-dsa> (Minor issue)
	[etch] - hercules <no-dsa> (Minor issue)
	- jags 1.0.4-1 (low; bug #559816)
	- kdelibs <not-affected> (dl_open open loads from fixed paths)
	- libannodex <removed> (low; bug #559818)
	[lenny] - libannodex <no-dsa> (Minor issue)
	[etch] - libannodex <no-dsa> (Minor issue)
	- libextractor 0.5.23+dfsg-4 (low; bug #559819)
	[etch] - libextractor <no-dsa> (Minor issue)
	[lenny] - libextractor <no-dsa> (Minor issue)
	- libmcrypt <not-affected> (not included in any of the binary packages; bug #559820)
	- libtunepimp 0.5.3-7.3 (low; bug #559821)
	[lenny] - libtunepimp <no-dsa> (Minor issue)
	[etch] - libtunepimp <no-dsa> (Minor issue)
	- mp4h 1.3.1-4.1 (low; bug #559822)
	[etch] - mp4h <no-dsa> (Minor issue)
	[lenny] - mp4h <no-dsa> (Minor issue)
	- naim <removed> (low; bug #559823)
	[lenny] - naim <no-dsa> (Minor issue)
	[etch] - naim <no-dsa> (Minor issue)
	- parser-mysql 10.3-2 (unimportant; bug #559824)
	- pinball 0.3.1-11 (low; bug #559825)
	[lenny] - pinball <no-dsa> (Minor issue)
	[etch] - pinball <no-dsa> (Minor issue)
	- redland 1.0.10-1 (low; bug #559826)
	[etch] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
	[lenny] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
	- siproxd 1:0.8.1-1 (low; bug #559827)
	[lenny] - siproxd <no-dsa> (Minor issue)
	[etch] - siproxd <no-dsa> (Minor issue)
	- ski <removed> (low; bug #559828)
	- synfig 0.62.00-1 (low; bug #559829)
	[lenny] - synfig <no-dsa> (Minor issue)
	- xmlsec1 1.2.14-1 (unimportant; bug #559831)
	NOTE: Embedded code copy isn't used
	- clamav 0.95+dfsg-1 (low; bug #559832)
	[lenny] - clamav <no-dsa> (Minor issue)
	[etch] - clamav <no-dsa> (Minor issue)
	- imagemagick 6:6.2.3.1-1 (low; bug #559833)
	[lenny] - imagemagick <no-dsa> (Minor issue)
	[etch] - imagemagick <no-dsa> (Minor issue)
	- hypre 2.4.0b-5 (low; bug #559834)
	[etch] - hypre <no-dsa> (Minor issue)
	[lenny] - hypre <no-dsa> (Minor issue)
	- lam 7.1.2-1.6 (low; bug #559835)
	[lenny] - lam <no-dsa> (Minor issue)
	[etch] - lam <no-dsa> (Minor issue)
	- openmpi 1.3.3-4 (low; bug #559836)
	[lenny] - openmpi <no-dsa> (Minor issue)
	[etch] - openmpi <no-dsa> (Minor issue)
	- parser 3.4.0-2 (unimportant; bug #559837)
	NOTE: users with write access can modify configuration to load new extensions, see #559837
	- pdsh <not-affected> (Only loads from /usr/lib/pdsh, which is controlled by root)
	- sdcc 2.9.0-5 (low; bug #559840)
	[lenny] - sdcc <no-dsa> (Minor issue)
	[etch] - sdcc <no-dsa> (Minor issue)
	- proftpd-dfsg <not-affected> (Only loads from /usr/lib/proftpd)
	- babel 1.4.0.dfsg-5 (low; bug #559843)
	[lenny] - babel <no-dsa> (Minor issue)
	- libprelude 0.9.14-2 (low; bug #559844)
	[etch] - libprelude <no-dsa> (Minor issue)
	- heartbeat 2.1.4-7 (unimportant; bug #559845)
	NOTE: the dlopened path is always below /usr/lib/heartbeat, which isn't under control of an attacker
	NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
	NOTE: might've been fixed earlier
	- graphviz 2.26.3-14 (low; bug #702436)
	[squeeze] - graphviz 2.26.3-5+squeeze1
CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3 ...)
	NOT-FOR-US: ActiveScan Installer ActiveX control
CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
	NOT-FOR-US: S2 Security Linear eMerge Access Control System
CVE-2009-XXXX [mandos 0600 file being included in initrd]
	- mandos 1.0.13-1 (bug #551907)
CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 b ...)
	- vmware-package <removed>
CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware  ...)
	NOT-FOR-US: VMware
CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2 ...)
	NOT-FOR-US: WebWorks Help
CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
	NOT-FOR-US: ReqWeb
CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality i ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance metho ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0 ...)
	{DSA-1952-1}
	- asterisk 1:1.6.2.0~rc6-1
	[lenny] - asterisk <no-dsa> (Minor issue)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client i ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not requi ...)
	{DSA-2012-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <removed> (medium)
CVE-2009-3724 (python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XS ...)
	NOT-FOR-US: python-markdown2 (not our markdown, different code base)
CVE-2009-3723 (asterisk allows calls on prohibited networks ...)
	[etch] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
	- asterisk 1:1.6.2.0~rc3-2 (medium; bug #552756)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html
CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in t ...)
	{DSA-1962-1}
	[etch] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
	[lenny] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
	- linux-2.6 2.6.31-1 (low)
	- kvm 88+dfsg-2 (low; bug #557739)
	NOTE: http://bugzilla.redhat.com/531660
	NOTE: https://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
CVE-2009-3721 [ytnef buffer overflow]
	RESERVED
	- ytnef <removed> (bug #567631)
	[lenny] - ytnef <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
	NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat  ...)
	{DSA-1977-1 DSA-1921-1}
	- expat 2.0.1-5 (low; bug #551936)
	- mcabber 0.10.0-1 (low; bug #601053)
	[lenny] - mcabber <no-dsa> (Minor issue)
	- w3c-libwww <removed> (low; bug #551938)
	[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
	- python-xml <removed> (low; bug #560951)
	[etch] - python-xml <no-dsa> (minor issue)
	[lenny] - python-xml 0.8.4-10.1+lenny1
	- python2.5 2.5.4-3.1 (low; bug #560912)
	- python2.4 2.4.4-3etch3 (low; bug #560913)
	- python-4suite 1.0.2-7.2 (low; bug #560914)
	[etch] - python-4suite <no-dsa> (Minor issue)
	[lenny] - python-4suite <no-dsa> (Minor issue)
	- wxwindows2.4 <removed> (unimportant; bug #560915)
	- wxwidgets2.6 2.6.3.2.2-4 (unimportant; bug #560916)
	- wxwidgets2.8 2.8.10.1-2 (unimportant; bug #560917)
	- audacity 1.3.2-1 (unimportant; bug #560919)
	- matanza <unfixed> (unimportant; bug #560920)
	- tdom 0.8.3~20080525-1 (low; bug #560921)
	[etch] - tdom <no-dsa> (minor issue)
	- udunits 2.1.8-4 (unimportant; bug #560922)
	- ayttm 0.6.1-2 (low; bug #560924)
	[etch] - ayttm <no-dsa> (minor issue)
	[lenny] - ayttm <no-dsa> (minor issue)
	- cableswig <removed> (unimportant; bug #560925)
	- cadaver <unfixed> (unimportant; bug #560926)
	- centerim 4.22.10-1 (low)
	[lenny] - centerim <no-dsa> (Minor issue)
	- cmake 2.6.0-6 (unimportant; bug #560927)
	- coin3 <unfixed> (unimportant; bug #560928)
	- gdcm 2.0.14-2 (low; bug #560929)
	- ghostscript 8.71~dfsg-2 (unimportant; bug #560930)
	- gs-gpl <removed> (unimportant)
	- grmonitor <removed> (unimportant; bug #560931)
	- iceape <removed> (unimportant; bug #560932)
	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
	- paraview 3.6.2-1 (unimportant; bug #560935)
	- poco 1.3.6p1-1 (unimportant; bug #560936)
	- simgear 2.10.0-1 (unimportant; bug #560937)
	- smart 1.2-5 (low; bug #560953)
	[etch] - smart <no-dsa> (minor issue)
	[lenny] - smart <no-dsa> (minor issue)
	- tla 1.3.5+dfsg-15 (unimportant; bug #560940)
	[lenny] - tla 1.3.5+dfsg-14+lenny1
	- xmlrpc-c 1.06.27-1.1 (low; bug #560942)
	[etch] - xmlrpc-c <no-dsa> (minor issue)
	[lenny] - xmlrpc-c <no-dsa> (minor issue)
	- iceweasel <not-affected> (uses xulrunner; bug #560943)
	- kompozer 1:0.8~b1-2 (unimportant; bug #560944)
	- vxl 1.13.0-2 (low; bug #560945)
	- xulrunner <unfixed> (unimportant; bug #560946)
	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
	- vnc4 <not-affected> (Not affected, see bug #560949)
	- xotcl 1.6.5-1.2 (low; bug #560950)
	[lenny] - xotcl <no-dsa> (minor issue)
CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
	NOT-FOR-US: Battle Blog
CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1 ...)
	NOT-FOR-US: Battle Blog
CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attac ...)
	NOT-FOR-US: LucVil PatPlayer
CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1  ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox  ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in MCshout ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ear ...)
	NOT-FOR-US: MorcegoCMS
CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp i ...)
	NOT-FOR-US: httpdx
CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username  ...)
	NOT-FOR-US: RioRey RIOS
CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae Tec ...)
	NOT-FOR-US: Konae Technologies Alleycode HTML Editor
CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae Tec ...)
	NOT-FOR-US: Konae Technologies Alleycode HTML Editor
CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Aut ...)
	NOT-FOR-US: VMware
CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...)
	NOT-FOR-US: ZFS filesystem in Sun Solaris
CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo bef ...)
	NOT-FOR-US: Achievo
CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, all ...)
	NOT-FOR-US: ZoIPer
CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2 ...)
	NOT-FOR-US: WordPress plugin
CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 a ...)
	NOT-FOR-US: PHP-Calendar
CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	{DSA-1966-1}
	- horde3 3.3.6+debian0-1 (low)
	NOTE: In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.
CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote att ...)
	{DSA-2040-1}
	- squidguard 1.2.0-9 (low; bug #553319)
CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon libra ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier a ...)
	NOT-FOR-US: Dalvik API in Android
CVE-2009-3697 (SQL injection vulnerability in the PDF schema generator functionality  ...)
	{DSA-1918-1}
	- phpmyadmin 4:3.2.2.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-3696 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2 ...)
	{DSA-1918-1}
	- phpmyadmin 4:3.2.2.1-1
CVE-2009-3610
	REJECTED
CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django 1. ...)
	{DSA-1905-1}
	- python-django 1.1.1-1 (medium; bug #550457)
	[etch] - python-django <not-affected> (introduced in 1.0)
	[lenny] - python-django 1.0.2-1+lenny2
CVE-2009-3694 (Directory traversal vulnerability in config/config.php in ezRecipe-Zee ...)
	NOT-FOR-US: ezRecipe-Zee 91
CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2 ActiveX con ...)
	NOT-FOR-US: Persits.XUpload.2 ActiveX
CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informi ...)
	NOT-FOR-US: IBM Informix Client SDK
CVE-2009-3690
	RESERVED
CVE-2009-3689
	REJECTED
CVE-2009-3688
	REJECTED
CVE-2009-3687
	REJECTED
CVE-2009-3686
	REJECTED
CVE-2009-3685
	REJECTED
CVE-2009-3684
	REJECTED
CVE-2009-3683
	REJECTED
CVE-2009-3682
	REJECTED
CVE-2009-3681
	REJECTED
CVE-2009-3680
	REJECTED
CVE-2009-3679
	REJECTED
CVE-2009-3678 (Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in M ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP ...)
	NOT-FOR-US: Microsoft Internet Authentication Service
CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2 and W ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...)
	NOT-FOR-US: Microsoft Local Security Authority Subsystem Service
CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allow ...)
	NOT-FOR-US: KSP Sound Player
CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions (com_foobla_sugg ...)
	NOT-FOR-US: Joomla! component
CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest 1 ...)
	NOT-FOR-US: Ardguest 1.8
CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows re ...)
	NOT-FOR-US: AdsDX
CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog 0 ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1 ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in Nullam Bl ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3663 (Format string vulnerability in the h_readrequest function in http.c in ...)
	NOT-FOR-US: httpdx
CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: FileCopa FTP Server
CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalo ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3660 (PHP remote file inclusion vulnerability in libraries/database.php in E ...)
	NOT-FOR-US: Efront
CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allo ...)
	NOT-FOR-US: BS Counter
CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (s ...)
	NOT-FOR-US: Sb.SuperBuddy.1 ActiveX
CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x  ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers  ...)
	NOT-FOR-US: Rhino Software Serv-U
CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupa ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links inter ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7. ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the "Monitor browsers' fea ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier an ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in Power  ...)
	NOT-FOR-US: PBBoard
CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a m ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft  ...)
	NOT-FOR-US: YABSoft Mega File Hosting Script (aka MFH or MFHS)
CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to obtai ...)
	NOT-FOR-US: NaviCOPA Web Server
CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_ ...)
	NOT-FOR-US: JoomlaCache
CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset) component 1 ...)
	NOT-FOR-US: Joomla component
CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to c ...)
	NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in  ...)
	NOT-FOR-US: FrontRange HEAT
CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote att ...)
	- snort 2.8.5.2-1 (unimportant; bug #553584)
	NOTE: current debian packages are not compiled with support for ipv6
CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM sub ...)
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 <not-affected> (introduced post 2.6.27)
	[etch] - linux-2.6 <not-affected> (introduced post 2.6.27)
	- linux-2.6.24 <not-affected> (introduced post 2.6.27)
	- kvm 88+dfsg-2 (medium; bug #557737)
	[lenny] - kvm <not-affected> (Vulnerable code not present)
CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2 ...)
	{DSA-1925-1}
	- proftpd-dfsg 1.3.2a-2 (low)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275
CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in  ...)
	{DSA-1962-1 DSA-1927-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
	NOTE: fixed in upstream 2.6.32-rc4
	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
	- kvm <removed> (medium; bug #562076)
CVE-2009-3637 (Stack-based buffer overflow in the M_AddToServerList function in clien ...)
	- alien-arena 7.33-1 (medium; bug #552038)
	[lenny] - alien-arena 7.0-1+lenny1
CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool subcompon ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3635 (The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x befor ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3634 (Cross-site scripting (XSS) vulnerability in the Frontend Login Box (ak ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3633 (Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalu ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3632 (SQL injection vulnerability in the traditional frontend editing featur ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3631 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1 ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3630 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1 ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3629 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend sub ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3628 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1 ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 allo ...)
	{DSA-1923-1}
	- libhtml-parser-perl 3.64-1 (bug #552531)
	NOTE: http://secunia.com/advisories/37155/
CVE-2009-3626 (Perl 5.10.1 allows context-dependent attackers to cause a denial of se ...)
	- perl 5.10.1-6 (bug #552291)
	[lenny] - perl <not-affected> (Vulnerable code not present)
	[etch] - perl <not-affected> (Vulnerable code not present)
CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 a ...)
	- sahana <itp> (bug #497414)
CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in th ...)
	- linux-2.6 2.6.31-2 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
	NOTE: fixed upstream in 2.6.32-rc5
CVE-2009-3623 (The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 sub ...)
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-3622 (Algorithmic complexity vulnerability in wp-trackback.php in WordPress  ...)
	- wordpress 2.8.5-1
	[lenny] - wordpress 2.5.1-11+lenny3
	[etch] - wordpress 2.0.10-1etch6
	NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows loc ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-g ...)
	{DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.32-1 (medium)
	- linux-2.6.24 <removed> (medium)
	NOTE: https://git.kernel.org/linus/7dc482dfeeeefcfd000d4271c4626937406756d7
CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1. ...)
	- viewvc 1.0.9-1 (low; bug #545779; bug #560903)
CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 be ...)
	- viewvc 1.0.9-1 (low; bug #545779; bug #560903)
CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function i ...)
	- aria2 1.6.2-1 (low)
	[lenny] - aria2 <not-affected> (Vulnerable code not present)
	[etch] - aria2 <not-affected> (Vulnerable code not present)
CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in  ...)
	- qemu 0.11.0-1 (medium; bug #553589)
	[lenny] - qemu <not-affected> (Vulnerable code not present)
	[etch] - qemu <not-affected> (Vulnerable code not present)
	- kvm <removed> (medium; bug #553590)
	[lenny] - kvm <not-affected> (Vulnerable code not present)
CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adiu ...)
	{DSA-1932-1}
	- pidgin 2.6.3-1
	NOTE: http://pidgin.im/news/security/?id=41
CVE-2009-3614 (liboping 1.3.2 allows users reading arbitrary files upon the local sys ...)
	- liboping 1.3.3-1 (low; bug #548684)
	[lenny] - liboping <not-affected> (doesn't have -f option yet)
	[etch] - liboping <not-affected> (doesn't have -f option yet)
CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c i ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.29-1 (medium)
	- linux-2.6.24 <removed>
	NOTE: https://www.openwall.com/lists/oss-security/2009/10/15/4
CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink subsy ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ce ...)
	- backintime 0.9.26-3 (bug #543785)
CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
	{DSA-1941-1}
	- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf bef ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote  ...)
	{DSA-1941-1}
	- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3. ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ( ...)
	- dopewars 1.5.12-9 (low; bug #550913)
	[etch] - dopewars <no-dsa> (negligible issue)
	[lenny] - dopewars <no-dsa> (negligible issue)
CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when running a p ...)
	- incron 0.5.7-1
CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus en ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus en ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows  ...)
	NOT-FOR-US: CoreHTTP
CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in  ...)
	{DSA-1944-1}
	- request-tracker3.4 <removed>
	- request-tracker3.6 3.6.9-2 (low)
CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie  ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in SQL- ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in SQL ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8. ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya  ...)
	NOT-FOR-US: Autodesk Maya
CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allo ...)
	NOT-FOR-US: Autodesk
CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...)
	NOT-FOR-US: Autodesk Softimage
CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2 ...)
	{DSA-1957-1}
	- aria2 1.2.0-1 (low; bug #551070)
	[etch] - aria2 <not-affected> (Vulnerable code not present)
CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact a ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impa ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows remote atta ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Dr ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in S ...)
	- virtualbox-ose 3.0.8-dfsg-1
	[lenny] - virtualbox-ose <not-affected> (vulnerable code not present)
CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 rec ...)
	{DSA-1963-1}
	- unbound 1.3.4-1 (low)
	NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html
CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez ...)
	NOT-FOR-US: Scriptsez Ultimate Poll
CVE-2009-3600 (HUBScript 1.0 allows remote attackers to obtain configuration informat ...)
	NOT-FOR-US: HUBScript
CVE-2009-3599 (Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBS ...)
	NOT-FOR-US: HUBScript
CVE-2009-3598 (Cross-site scripting (XSS) vulnerability in survey_result.php in eCard ...)
	NOT-FOR-US: eCardMAX FormXP
CVE-2009-3597 (Digitaldesign CMS 0.1 stores sensitive information under the web root  ...)
	NOT-FOR-US: Digitaldesign CMS
CVE-2009-3596 (JoxTechnology Ajox Poll does not properly restrict access to admin/man ...)
	NOT-FOR-US: JoxTechnology Ajox Poll
CVE-2009-3595 (SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows re ...)
	NOT-FOR-US: VS PANEL
CVE-2009-3594 (Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog Sys ...)
	NOT-FOR-US: BLOB Blog System
CVE-2009-3593 (Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 ...)
	NOT-FOR-US: Freelancers
CVE-2009-3592 (Cross-site scripting (XSS) vulnerability in customer/home.php in Quali ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2009-3590 (SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows re ...)
	NOT-FOR-US: VS PANEL
CVE-2009-3574 (Tuniac 090517c allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Tuniac
CVE-2009-3573 (Multiple insecure method vulnerabilities in the PDIControl.PDI.1 Activ ...)
	NOT-FOR-US: ActiveX
CVE-2009-3572 (OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not pr ...)
	NOT-FOR-US: OpenBSD
CVE-2009-3567 (Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ ...)
	NOT-FOR-US: Kayako SupportSuite and eSupport
CVE-2009-3579 (Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...)
	- jetty <unfixed> (unimportant)
	NOTE: http://www.coresecurity.com/content/jetty-persistent-xss
	NOTE: only an example application
CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 do ...)
	NOT-FOR-US: McAfee IntruShield Network Security Manager
CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/m ...)
	NOT-FOR-US: McAfee IntruShield Network Security Manager
CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups whe ...)
	- puppet 0.25.1-3 (low; bug #551073)
	[etch] - puppet <no-dsa> (minor issue)
	[lenny] - puppet <no-dsa> (minor issue)
CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote  ...)
	{DSA-1948-1}
	- ntp 1:4.2.4p8+dfsg-1 (medium; bug #560074)
CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 al ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows re ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...)
	{DSA-1977-1 DSA-1953-2 DSA-1953-1}
	- expat 2.0.1-6 (low; bug #560901)
	- mcabber 0.10.0-1 (low; bug #601053)
	[lenny] - mcabber <no-dsa> (Minor issue)
	- w3c-libwww <removed>
	[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
	- python-xml <removed> (low; bug #560951)
	[etch] - python-xml <no-dsa> (minor issue)
	[lenny] - python-xml 0.8.4-10.1+lenny1
	- python2.5 2.5.4-3.1 (low; bug #560912)
	- python2.4 2.4.4-3+etch3 (low; bug #560913)
	- python2.6 2.6.4-4
	- python-4suite 1.0.2-7.2 (low; bug #560914)
	[etch] - python-4suite <no-dsa> (Minor issue)
	[lenny] - python-4suite <no-dsa> (Minor issue)
	- wxwindows2.4 <removed> (unimportant; bug #560915)
	- wxwidgets2.6 2.6.3.2.2-4 (unimportant; bug #560916)
	- wxwidgets2.8 2.8.10.1-2 (unimportant; bug #560917)
	- audacity 1.3.2-1 (unimportant; bug #560919)
	- matanza <unfixed> (unimportant; bug #560920)
	- tdom 0.8.3~20080525-1 (low; bug #560921)
	[etch] - tdom <no-dsa> (minor issue)
	- udunits 2.1.8-4 (unimportant; bug #560922)
	- ayttm 0.6.1-2 (low; bug #560924)
	[etch] - ayttm <no-dsa> (minor issue)
	[lenny] - ayttm <no-dsa> (minor issue)
	- cableswig <removed> (unimportant; bug #560925)
	- cadaver <unfixed> (unimportant; bug #560926)
	- cmake 2.6.0-6 (unimportant; bug #560927)
	- coin3 <unfixed> (unimportant; bug #560928)
	- gdcm 2.0.14-2 (low; bug #560929)
	- ghostscript 8.71~dfsg-2 (unimportant; bug #560930)
	- gs-gpl <removed> (unimportant)
	- grmonitor <removed> (unimportant; bug #560931)
	- iceape <removed> (unimportant; bug #560932)
	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
	- paraview 3.6.2-1 (unimportant; bug #560935)
	- poco 1.3.6p1-1 (unimportant; bug #560936)
	- simgear 2.10.0-1 (unimportant; bug #560937)
	- smart 1.2-5.1 (low; bug #560953)
	[etch] - smart <no-dsa> (minor issue)
	[lenny] - smart <no-dsa> (minor issue)
	- tla 1.3.5+dfsg-15 (unimportant; bug #560940)
	[lenny] - tla 1.3.5+dfsg-14+lenny1
	- xmlrpc-c 1.06.27-1.1 (low; bug #560942)
	[etch] - xmlrpc-c <no-dsa> (minor issue)
	[lenny] - xmlrpc-c <no-dsa> (minor issue)
	- iceweasel <not-affected> (uses xulrunner; bug #560943)
	- kompozer 1:0.8~b1-2 (low; bug #560944)
	- vxl 1.13.0-2 (low; bug #560945)
	- xulrunner <unfixed> (unimportant; bug #560946)
	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
	- vnc4 <not-affected> (Not affected, see bug #560949)
	- xotcl <not-affected> (Vulnerable code not present in embedded Expat copy)
CVE-2009-3559
	- php5 <removed> (unimportant)
	NOTE: safe_mode regression
CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 an ...)
	- php5 5.2.12.dfsg.1-1 (unimportant)
	NOTE: open_basedir bypass
CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5 ...)
	- php5 5.2.12.dfsg.1-1 (unimportant)
	NOTE: safe_mode bypass
CVE-2009-3556 (A certain Red Hat configuration step for the qla2xxx driver in the Lin ...)
	- linux-2.6 <not-affected> (redhat-specific configuration issue)
	- linux-2.6.24 <not-affected> (redhat-specific configuration issue)
CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ...)
	{DSA-3253-1 DSA-2626-1 DSA-2141-2 DSA-2141-1 DSA-1934-1 DLA-400-1}
	- apache2 2.2.14-2
	- openssl 0.9.8k-6
	- nss 3.12.6-1
	- sun-java5 <removed>
	[lenny] - sun-java5 <no-dsa> (Minor issue)
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-22-0lenny
	NOTE: Update 22 for Sun Java implemented the new RFC extension
	- openjdk-6 6b18-1.8.2-1
	- nginx 0.7.64-1
	- matrixssl 1.8.8-1
	[lenny] - matrixssl <no-dsa> (Fringe SSL implementation, can be fixed in spu)
	- tomcat-native 1.1.18-1
	[lenny] - tomcat-native <no-dsa> (Minor issue)
	- gnutls26 <not-affected> (safely handles renegotiation; however support for RFC 5746 would be useful)
	- polarssl 1.2.0-1 (bug #704946)
	- classpath <removed>
	- zorp 3.9.2-1
	[squeeze] - zorp <no-dsa> (Minor issue)
	[lenny] - zorp <no-dsa> (Minor issue)
	- lighttpd 1.4.30-1
	- pound 2.6-6.1 (bug #765649)
	[jessie] - pound <no-dsa> (Minor issue)
	NOTE: the anti_beast.patch in pound 2.6-2 has some provision for this issue too but it seems to be broken, cf #765649
	NOTE: for any of the currently unfixed implementations, you can solve the problem by disabling renegotiation
	NOTE: the following implement RFC 5746:
	NOTE: - openssl 0.9.8m-1
	NOTE: - apache 2.2.15-1
	NOTE: - nss 3.12.6-1
	NOTE: - sun-java6 6.19-1
CVE-2009-3554 (Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EA ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor handling  ...)
	{DSA-2176-1}
	- cups 1.4.2-4 (low; bug #557740)
	[lenny] - cups <no-dsa> (Minor issue)
	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
	NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
CVE-2009-3552 (In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not ver ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Manager
CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in packet-sm ...)
	- wireshark 1.2.3-1 (low; bug #553583)
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 t ...)
	{DSA-1942-1}
	- wireshark 1.2.3-1 (low; bug #553583)
CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1 ...)
	- wireshark 1.2.3-1 (low; bug #553583)
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 th ...)
	- tomcat6 <not-affected> (Windows only)
CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.3 ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (high)
	- linux-2.6.24 <removed> (high)
CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...)
	{DSA-1936-1}
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	- libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
	- php5 <not-affected> (the php packages use the system libgd2)
	NOTE: http://svn.php.net/viewvc?view=revision&revision=289557
	NOTE: <20091015173822.084de220@redhat.com> in OSS-sec
CVE-2009-3545 (DataWizard Technologies FtpXQ FTP Server 3.0 allows remote authenticat ...)
	NOT-FOR-US: DataWizard Technologies FtpXQ FTP Server
CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the source c ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
CVE-2009-3526
	RESERVED
CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition]
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-9 (bug #549871)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2009-3543 (SQL injection vulnerability in _phenotype/admin/login.php in Phenotype ...)
	NOT-FOR-US: Phenotype CMS
CVE-2009-3542 (Directory traversal vulnerability in ls.php in LittleSite (aka LS or L ...)
	NOT-FOR-US: LittleSite
CVE-2009-3541 (PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealog ...)
	NOT-FOR-US: PHPGenealogy
CVE-2009-3540 (Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWor ...)
	NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
CVE-2009-3539 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld U ...)
	NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
CVE-2009-3538 (Directory traversal vulnerability in thumb.php in Clear Content 1.1 al ...)
	NOT-FOR-US: Clear Content
CVE-2009-3537 (Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 ...)
	NOT-FOR-US: EpicDJSoftware EpicDJ
CVE-2009-3536 (Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 ...)
	NOT-FOR-US: EpicDJSoftware EpicVJ
CVE-2009-3535 (Directory traversal vulnerability in image.php in Clear Content 1.1 al ...)
	NOT-FOR-US: Clear Content
CVE-2009-3534 (Directory traversal vulnerability in index.php in LionWiki 3.0.3, when ...)
	NOT-FOR-US: LionWiki
CVE-2009-3533 (SQL injection vulnerability in report.php in Meeting Room Booking Syst ...)
	NOT-FOR-US: Meeting Room Booking System
CVE-2009-3532 (Multiple SQL injection vulnerabilities in login.asp (aka the login scr ...)
	NOT-FOR-US: LogRover
CVE-2009-3531 (SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows  ...)
	NOT-FOR-US: Universe CMS
CVE-2009-3530 (Cross-site scripting (XSS) vulnerability in storefront.php in RadScrip ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2009-3529 (SQL injection vulnerability in index.php in RadScripts RadBids Gold 4  ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2009-3528 (SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remot ...)
	NOT-FOR-US: MyMsg
CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not sup ...)
	- xen-3 <unfixed> (unimportant)
	- xen-unstable <removed> (unimportant)
	NOTE: This is an enhancement, not a security issue.
	NOTE: A user must have access to a guest hard drive image in order to boot it,
	NOTE: so he can simply mount the drive and remove the password option.
CVE-2009-5041 (overkill has buffer overflow via long player names that can corrupt da ...)
	- overkill 0.16-14.1 (bug #549310; low)
	[lenny] - overkill <no-dsa> (Minor issue)
	[etch] - overkill <no-dsa> (Minor issue)
CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and Professio ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3523 (aavmKer4.sys in avast! Home and Professional for Windows before 4.8.13 ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3522 (Stack-based buffer overflow in aswMon2.sys in avast! Home and Professi ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3521 (Multiple cross-site scripting (XSS) vulnerabilities in the Visualizati ...)
	NOT-FOR-US: WebSphere
CVE-2009-3520 (Cross-site request forgery (CSRF) vulnerability in the Your_account mo ...)
	NOT-FOR-US: CMSphp
CVE-2009-3519 (Multiple memory leaks in the IP module in the kernel in Sun Solaris 8  ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3518 (Argument injection vulnerability in the iim: URI handler in IBMIM.exe  ...)
	NOT-FOR-US: IBM Installation Manager
CVE-2009-3517 (nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does no ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3516 (gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not p ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3515 (Directory traversal vulnerability in dnet_admin/index.php in d.net CMS ...)
	NOT-FOR-US: d.net CMS
CVE-2009-3514 (Multiple SQL injection vulnerabilities in d.net CMS allow remote attac ...)
	NOT-FOR-US: d.net CMS
CVE-2009-3513 (Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG ...)
	NOT-FOR-US: Pilot Group (PG) eTraining
CVE-2009-3512 (Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 al ...)
	NOT-FOR-US: MyWeight
CVE-2009-3511 (Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 a ...)
	NOT-FOR-US: justVisual
CVE-2009-3510 (SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Bet ...)
	NOT-FOR-US: linkSpheric
CVE-2009-3509 (Cross-site scripting (XSS) vulnerability in admin/admin_index.php in C ...)
	NOT-FOR-US: CJ Dynamic Poll PRO
CVE-2009-3508 (Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 allo ...)
	NOT-FOR-US: MUJE CMS
CVE-2009-3507 (Directory traversal vulnerability in modules.php in CMSphp 0.21 allows ...)
	NOT-FOR-US: CMSphp
CVE-2009-3506 (Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 all ...)
	NOT-FOR-US: CMSphp
CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Z ...)
	NOT-FOR-US: Vastal I-Tech MMORPG Zone
CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 all ...)
	NOT-FOR-US: Alibaba Clone
CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse B ...)
	NOT-FOR-US: BPowerHouse BPHolidayLettings
CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 al ...)
	NOT-FOR-US: BPowerHouse BPMusic
CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse BPStudents  ...)
	NOT-FOR-US: BPowerHouse BPStudents
CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allo ...)
	NOT-FOR-US: BPowerHouse BPGames
CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCa ...)
	NOT-FOR-US: BPowerHouse BPLawyerCaseDocuments
CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in HBcms 1. ...)
	NOT-FOR-US: HBcms
CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent ...)
	NOT-FOR-US: Vastal I-Tech Agent
CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-T ...)
	NOT-FOR-US: Vastal I-Tech DVD Zone
CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone  ...)
	NOT-FOR-US: Vastal I-Tech DVD Zone
CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0 ...)
	NOT-FOR-US: T-HTB Manager
CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBachec ...)
	NOT-FOR-US: Zenas PaoBacheca Guestbook
CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9 ...)
	NOT-FOR-US: Loggix Project
CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion (com_sportfus ...)
	NOT-FOR-US: Kinfusion SportFusion
CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a do ...)
	{DSA-1904-1}
	- wget 1.12-1 (medium; bug #549293)
CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...)
	NOT-FOR-US: Adobe Photoshop Elements
CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka Bibl ...)
	NOT-FOR-US: Drupal Bibliography Module
CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web inter ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web inter ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface in Jun ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-ass ...)
	NOT-FOR-US: Core FTP
CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in GlobalSCA ...)
	NOT-FOR-US: CuteFTP
CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.129 ...)
	NOT-FOR-US: TrustPort Antivirus and PC Security
CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2. ...)
	NOT-FOR-US: Joomla component
CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic) componen ...)
	NOT-FOR-US: Joomla component
CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x  ...)
	NOT-FOR-US: Bibliography
CVE-2009-3478 (Argument injection vulnerability in (1) src/content/js/connection/sftp ...)
	NOT-FOR-US: Bibliography
CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before  ...)
	NOT-FOR-US: Blackberry Browser in RIM BlackBerry Device Software
CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibbole ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml 3.0.0-2
	- opensaml2 2.2.1-1
	- shibboleth-sp 3.0.2+dfsg1-2
	- shibboleth-sp2 2.2.1+dfsg-1
CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and  ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml 3.0.0-2
	- opensaml2 2.2.1-1
	- shibboleth-sp 3.0.2+dfsg1-2
	- shibboleth-sp2 2.2.1+dfsg-1
CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by  ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml 3.0.0-2
	- opensaml2 2.2.1-1
	- shibboleth-sp 3.0.2+dfsg1-2
	- shibboleth-sp2 2.2.1+dfsg-1
	[lenny] - opensaml 1.1.1-2+lenny1
	[lenny] - opensaml2 2.0-2+lenny1
CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege f ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remot ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before  ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 befor ...)
	NOT-FOR-US: IBM Informix Dynamic Server (IDS)
CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment (CD ...)
	NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris
CVE-2009-3467 (Cross-site scripting (XSS) vulnerability in an unspecified method in A ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows r ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attac ...)
	NOT-FOR-US: Adobe
CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x throu ...)
	NOT-FOR-US: Adobe
CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1. ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) bef ...)
	NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly hand ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: This was caused by a bug in NSS (CVE-2009-2408). chromium-browser uses libnss3
CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly han ...)
	NOT-FOR-US: Apple Safari
CVE-2009-3454
	REJECTED
CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quick ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive I ...)
	NOT-FOR-US: RADactive
CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.a ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MP3 Collector
CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote atta ...)
	NOT-FOR-US: BakBone NetVault Backup
CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before 2008 ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-XXXX [xen-tools: world readable disk image files]
	- xen-tools 4.2~beta1-1 (low; bug #548909)
	[lenny] - xen-tools 3.9-4+lenny1
CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...)
	NOT-FOR-US: com_mytube component for Joomla!
CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before  ...)
	NOT-FOR-US: Ability Mail Server
CVE-2009-3444 (Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 a ...)
	NOT-FOR-US: e107
CVE-2009-3443 (SQL injection vulnerability in the Fastball (com_fastball) component 1 ...)
	NOT-FOR-US: com_fastball component for Joomla!
CVE-2009-3442 (The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does no ...)
	NOT-FOR-US: Nodewords module for Drupal
CVE-2009-3441 (Open Source Security Information Management (OSSIM) before 2.1.2 allow ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3440 (Cross-site scripting (XSS) vulnerability in Open Source Security Infor ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3439 (Multiple SQL injection vulnerabilities in Open Source Security Informa ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3438 (SQL injection vulnerability in the JoomlaFacebook (com_facebook) compo ...)
	NOT-FOR-US: com_facebook component for Joomla!
CVE-2009-3437 (Cross-site scripting (XSS) vulnerability in the live preview feature i ...)
	NOT-FOR-US: Markdown Preview module for Drupal
CVE-2009-3436 (Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal al ...)
	NOT-FOR-US: MaxWebPortal
CVE-2009-3435 (Cross-site scripting (XSS) vulnerability in the variable editor in the ...)
	NOT-FOR-US: Devel module for Drupal
CVE-2009-3434 (SQL injection vulnerability in the Tupinambis (com_tupinambis) compone ...)
	NOT-FOR-US: com_tupinambis for Mambo and Joomla!
CVE-2009-3433 (Unspecified vulnerability in clsetup in the configuration utility in S ...)
	NOT-FOR-US: Sun Solaris Cluster
CVE-2009-3432 (Unspecified vulnerability in xscreensaver in Sun Solaris 10, and OpenS ...)
	NOT-FOR-US: Sun OpenSolaris xscreensaver
CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1 ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions R ...)
	- request-tracker3.8 3.8.5-1 (bug #546829)
	- request-tracker3.6 3.6.9-1 (bug #546778)
	[etch] - request-tracker3.6 <not-affected> (vulnerable code not present)
	[lenny] - request-tracker3.6 3.6.7-5+lenny2
	NOTE: CVE id requested
CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...)
	NOT-FOR-US: Allomani Mobile
CVE-2009-3429 (Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61  ...)
	NOT-FOR-US: Pirate Radio Destiny Media Player
CVE-2009-3428 (Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote ...)
	NOT-FOR-US: Easy Music Player
CVE-2009-3427 (Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.0 ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2009-3426 (PHP remote file inclusion vulnerability in includes/file_manager/speci ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3425 (Directory traversal vulnerability in includes/inc.thcms_admin_dirtree. ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3424 (Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3423 (login.php in Zenas PaoLink 1.0, when register_globals is enabled, allo ...)
	NOT-FOR-US: Zenas PaoLink
CVE-2009-3422 (login.php in Zenas PaoLiber 1.1, when register_globals is enabled, all ...)
	NOT-FOR-US: Zenas PaoLiber
CVE-2009-3421 (login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is  ...)
	NOT-FOR-US: Zenas PaoBacheca Guestbook
CVE-2009-3420 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in th ...)
	NOT-FOR-US: Miniweb Publisher module
CVE-2009-3419 (SQL injection vulnerability in index.php in the Publisher module 2.0 f ...)
	NOT-FOR-US: Miniweb Publisher module
CVE-2009-3418 (Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) re ...)
	NOT-FOR-US: Plume CMS
CVE-2009-3417 (SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 ...)
	NOT-FOR-US: IDoBlog component Joomla
CVE-2009-3416 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3415 (Unspecified vulnerability in the Oracle OLAP component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3414 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3413 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3412 (Unspecified vulnerability in the Unzip component in Oracle Database 9. ...)
	NOT-FOR-US: Oracle Database and Oracle Application Server
CVE-2009-3411 (Unspecified vulnerability in the Oracle Data Pump component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3410 (Unspecified vulnerability in the RDBMS component in Oracle Database 11 ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) compo ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3407 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-3406 (Unspecified vulnerability in the JD Edwards Tools component in Oracle  ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3405 (Unspecified vulnerability in the JD Edwards Tools component in Oracle  ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3404 (Unspecified vulnerability in the PeopleSoft PeopleTools & Enterpri ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3403 (Unspecified vulnerability in the JRockit component in BEA Product Suit ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3402 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3401 (Unspecified vulnerability in the Oracle Applications Technology Stack  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3398
	REJECTED
CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle E-Busines ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3394
	REJECTED
CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data Management (ED ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-4193 (Merkaartor 0.14 allows local users to append data to arbitrary files v ...)
	- merkaartor 0.14+svnfixes~20090912-2 (low; bug #548546)
	[lenny] - merkaartor <not-affected> (vulnerable code not present)
	NOTE: does not run as root so minor issue.
CVE-2009-XXXX [SA-CORE-2009-008]
	- drupal6 6.14-1 (bug #547140)
	[lenny] - drupal6 6.6-3lenny3
CVE-2009-3391
	RESERVED
CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) iscsi ...)
	NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used i ...)
	{DSA-2045-1}
	- libtheora 1.1 (bug #572950)
	[etch] - libtheora <not-affected> (vulnerable code not present)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before  ...)
	- liboggplay 0.2.1~git20091227-1.1 (bug #575743)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3387 (Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group re ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allo ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3385 (The mail component in Mozilla SeaMonkey before 1.1.19 does not properl ...)
	{DSA-1922-1}
	- xulrunner 1.9.0.15-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0-1
	[lenny] - iceape <not-affected> (stub package)
CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before  ...)
	- webkit 1.1.17-2 (medium; bug #559759)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <not-affected> (vulnerable code not present)
	- kde4libs <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/48725
CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla  ...)
	{DSA-1939-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.3-1 (medium)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3378 (The oggplay_data_handle_theora_frame function in media/liboggplay/src/ ...)
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (ogg support added in firefox 3.5)
	[lenny] - xulrunner <not-affected> (ogg support added in firefox 3.5)
	- liboggplay 0.2.1~git20091120-1 (medium; bug #552743)
CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
	- liboggz 0.9.9-1 (low)
	[lenny] - liboggz <no-dsa> (Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep)
CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey be ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x  ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation i ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox  ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey be ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 all ...)
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
	[lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
	- kompozer <unfixed> (unimportant; bug #555326)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote a ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3368 (Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservat ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3367 (Multiple cross-site scripting (XSS) vulnerabilities in An image galler ...)
	NOT-FOR-US: An image gallery 1.0
CVE-2009-3366 (Directory traversal vulnerability in navigation.php in An image galler ...)
	NOT-FOR-US: An image gallery 1.0
CVE-2009-3365 (PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/ ...)
	NOT-FOR-US: Aurora CMS
CVE-2009-3364 (Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote F ...)
	NOT-FOR-US: FTPShell Client
CVE-2009-3363 (Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x be ...)
	NOT-FOR-US: a module for Drupal
CVE-2009-3362 (PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2. ...)
	NOT-FOR-US: SZNews
CVE-2009-3361 (SQL injection vulnerability in index.php in PHP-IPNMonitor allows remo ...)
	NOT-FOR-US: PHP-IPNMonitor
CVE-2009-3360 (Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 al ...)
	NOT-FOR-US: Datemill
CVE-2009-3359 (Multiple cross-site scripting (XSS) vulnerabilities in Match Agency Bi ...)
	NOT-FOR-US: Match Agency BiZ
CVE-2009-3358 (SQL injection vulnerability in profile.php in Tourism Scripts Adult Po ...)
	NOT-FOR-US: Tourism Scripts Adult
CVE-2009-3357 (Multiple SQL injection vulnerabilities in the Hotel Booking Reservatio ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3356 (SQL injection vulnerability in index.php in Image voting 1.0 allows re ...)
	NOT-FOR-US: Image voting
CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia B ...)
	NOT-FOR-US: Datetopia Buy Dating Site
CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...)
	NOT-FOR-US: Rest API module for Drupal
CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for Drupa ...)
	NOT-FOR-US: Node2Node module for Drupal
CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ro ...)
	NOT-FOR-US: quota_by_role (Quota by role) module for Drupal
CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for Dr ...)
	NOT-FOR-US: Node Browser module for Drupal
CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module f ...)
	NOT-FOR-US: Subdomain Manager module for Drupal
CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote attacke ...)
	NOT-FOR-US: Datavore Gyro
CVE-2009-3348 (Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows r ...)
	NOT-FOR-US: Datavore Gyro
CVE-2009-3347 (Buffer overflow on the D-Link DIR-400 wireless router allows remote at ...)
	NOT-FOR-US: D-Link DIR-400 wireless router
CVE-2009-3346 (Unspecified vulnerability in SAP Crystal Reports Server 2008 allows re ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3345 (Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unkn ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3344 (Unspecified vulnerability in SAP Crystal Reports Server 2008 on Window ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3343 (SQL injection vulnerability in details.asp in HotWeb Rentals allows re ...)
	NOT-FOR-US: HotWeb Rentals
CVE-2009-3342 (SQL injection vulnerability in frontend/assets/ajax/checkusername.php  ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3341 (Buffer overflow on the Linksys WRT54GL wireless router allows remote a ...)
	NOT-FOR-US: Linksys WRT54GL wireless router
CVE-2009-3340 (Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to ...)
	NOT-FOR-US: FreeSSHD
CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance 5 ...)
	NOT-FOR-US: McAfee Email and Web Security Appliance
CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b a ...)
	NOT-FOR-US: Magic Morph
CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...)
	NOT-FOR-US: plugin for Serendipity
CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid allo ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2009-3335 (SQL injection vulnerability in the TurtuShout component 0.11 for Jooml ...)
	NOT-FOR-US: TurtuShout component 0.11 for Joomla!
CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Int ...)
	NOT-FOR-US: Lhacky! Extensions Cave Joomla!
CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the koeSub ...)
	NOT-FOR-US: koeSubmit (com_koesubmit) component 1.0 for Mambo
CVE-2009-3332 (SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) c ...)
	NOT-FOR-US: BudgetsMagic (com_jbudgetsmagic) component for Joomla!
CVE-2009-3331 (Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 allo ...)
	NOT-FOR-US: DDL CMS
CVE-2009-3330 (SQL injection vulnerability in index.php in cP Creator 2.7.1, when mag ...)
	NOT-FOR-US: cP Creator
CVE-2009-3329 (Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted r ...)
	NOT-FOR-US: Winplot
CVE-2009-3328 (Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1 ...)
	NOT-FOR-US: WX-Guestbook
CVE-2009-3327 (Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow r ...)
	NOT-FOR-US: WX-Guestbook
CVE-2009-3326 (SQL injection vulnerability in index.php in CMScontrol Content Managem ...)
	NOT-FOR-US: CMScontrol
CVE-2009-3325 (SQL injection vulnerability in the Focusplus Developments Survey Manag ...)
	NOT-FOR-US: Survey Manager (com_surveymanager) component 1.5.0 for Joomla!
CVE-2009-3324 (PHP remote file inclusion vulnerability in include/prodler.class.php i ...)
	NOT-FOR-US: ProdLer
CVE-2009-3323 (Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation  ...)
	NOT-FOR-US: BAnner ROtation System mini (BAROSmini)
CVE-2009-3322 (The Siemens Gigaset SE361 WLAN router allows remote attackers to cause ...)
	NOT-FOR-US: Siemens Gigaset SE361 WLAN router
CVE-2009-3321 (SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc  ...)
	NOT-FOR-US: SaphpLesson
CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLin ...)
	NOT-FOR-US: Zenas PaoLink (aka Pao-Link)
CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03  ...)
	NOT-FOR-US: DCI-Designs Dawaween
CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album (com_a ...)
	NOT-FOR-US: Roland Breedveld Album (com_album) component 1.14 for Joomla!
CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php in Ope ...)
	NOT-FOR-US: OpenSiteAdmin
CVE-2009-3316 (SQL injection vulnerability in the JReservation (com_jreservation) com ...)
	NOT-FOR-US: JReservation (com_jreservation) component 1.0 and 1.5 for Joomla!
CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp Publis ...)
	NOT-FOR-US: NeLogic Nephp Publisher Enterprise
CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote at ...)
	NOT-FOR-US: FMyClone
CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in phpPol ...)
	NOT-FOR-US: phpPollScript
CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScrip ...)
	NOT-FOR-US: RSSMediaScript
CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows remote at ...)
	NOT-FOR-US: Zainu
CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allow ...)
	NOT-FOR-US: CF ShopKart
CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows  ...)
	NOT-FOR-US: FanUpdate
CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allo ...)
	NOT-FOR-US: FSphp
CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in Clear ...)
	NOT-FOR-US: ClearSite
CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to  ...)
	{DSA-2002-1}
	- polipo 1.0.4-1.1 (low; bug #547047)
	[etch] - polipo <no-dsa> (Minor issue)
	[lenny] - polipo <no-dsa> (Minor issue)
CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbi ...)
	{DSA-1945-1}
	- gforge 4.8.2-1
CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GF ...)
	{DSA-1937-1}
	- gforge 4.8.1-3 (low)
CVE-2009-3302 (filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remot ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-3301 (Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) be ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the Identity Pr ...)
	{DSA-1947-1}
	- shibboleth-sp2 2.3+dfsg-1 (medium; bug #555608)
	- shibboleth-sp 3.0.2+dfsg1-2 (medium)
	- opensaml2 2.3-1 (medium)
	NOTE: xmltooling also needs to be updated, changed in sid in 1.3.1-1
CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype in Ma ...)
	{DSA-1924-1}
	- mahara 1.1.7-1 (low)
	NOTE: http://mahara.org/interaction/forum/topic.php?id=1170
CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authentica ...)
	{DSA-1924-1}
	- mahara 1.1.7-1 (low)
	NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
CVE-2009-3297 [mount race conditions]
	REJECTED
CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow ...)
	{DSA-1912-2 DSA-1912-1}
	- camlimages 1:3.0.1-5 (low)
	- advi 1.6.0-15 (low; bug #551282)
CVE-2009-3295 (The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm ...)
	- krb5 1.7+dfsg-4 (medium)
	[lenny] - krb5 <not-affected> (code introduced in 1.7)
	[etch] - krb5 <not-affected> (code introduced in 1.7)
CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5 ...)
	- php5 <not-affected> (win32-specific)
CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...)
	- php5 <not-affected> (the php packages use the system libgd2)
	- php4 <not-affected> (the php packages use the system libgd2)
	NOTE: the transparent colours functionality is only on php5's bundled libgd2
CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1 ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low)
	NOTE: unknown impact, it is related to missing sanity checks
	NOTE: when determining the length of sections of jpg headers
	NOTE: a missing limit on the nesting level of TIFF files, and
	NOTE: missing EOF checks, possibly leading to NULL dereferences
	NOTE: experimental is likely to be affected (as of 5.3.0)
CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before 5.2.1 ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low)
	[lenny] - php5 <no-dsa> (rather unimportant)
	[etch] - php5 <no-dsa> (rather unimportant)
	NOTE: seems to be related to handling of \0 on CN
	NOTE: not worth a dsa on its own, php doesn't verify certificates by default
	NOTE: experimental is likely to be affected (as of 5.3.0)
CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target  ...)
	- glib2.0 2.22.0-1 (low)
	[lenny] - glib2.0 2.16.6-3
	[etch] - glib2.0 <no-dsa> (Minor issue)
CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X ...)
	- thin 1.2.4-1 (low)
CVE-2009-3285
	RESERVED
CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image Captur ...)
	NOT-FOR-US: phpspot Products
CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...)
	NOT-FOR-US: phpspot Products
CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...)
	NOT-FOR-US: VMware Fusion
CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839  ...)
	NOT-FOR-US: VMware Fusion
CVE-2009-3280 (Integer signedness error in the find_ie function in net/wireless/scan. ...)
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <not-affected> (vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 062 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 062 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allo ...)
	NOT-FOR-US: datavault
CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed  ...)
	NOT-FOR-US: NASD CORE.NET Terelik (aka corenet1)
CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...)
	NOT-FOR-US: Microsoft patterns & practices Enterprise Library
CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3 ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safar ...)
	- qt4-x11 <unfixed> (unimportant)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	NOTE: browser crashers are not considered security-relevant
CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a den ...)
	NOT-FOR-US: Apple Safari on iPhone OS 3.0.1
CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...)
	{DSA-1915-1 DSA-1907-1 DTSA-203-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
	- kvm 85+dfsg-4.1 (high; bug #548975)
CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2. ...)
	- linux-2.6 2.6.31-1 (low)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does no ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote att ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause  ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	NOTE: browser denial of services not considered security-relevant
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.1671 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...)
	NOT-FOR-US: Opera
CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remo ...)
	NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an  ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x  ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- webkit <not-affected> (chrome-specific issue)
	NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
	NOTE: other browsers are not affected (only chrome and opera)
CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...)
	NOT-FOR-US: IBM Tivoli Identity Manager
CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require admi ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3260 (Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remo ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3259 (Multiple SQL injection vulnerabilities in RASH Quote Management System ...)
	NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3258 (vtiger CRM before 5.1.0 allows remote authenticated users, with certai ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3257 (vtiger CRM before 5.1.0 allows remote authenticated users to bypass th ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3256 (Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php  ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3255 (SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2 ...)
	NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3254 (Multiple stack-based buffer overflows in Ultimate Player 1.56 beta all ...)
	NOT-FOR-US: Ultimate Player
CVE-2009-3253 (Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allow ...)
	NOT-FOR-US: TriceraSoft Swift Ultralite
CVE-2009-3252 (Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0. ...)
	NOT-FOR-US: Rock Band CMS
CVE-2009-3251 (include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remo ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3250 (The saveForwardAttachments procedure in the Compose Mail functionality ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3248 (Cross-site request forgery (CSRF) vulnerability in the RSS module in v ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3247 (Cross-site scripting (XSS) vulnerability in the Activities module in v ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allow ...)
	NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from bn_w ...)
	- openssl 0.9.8m-1 (low; bug #575433)
	[lenny] - openssl 0.9.8g-15+lenny7
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe S ...)
	NOT-FOR-US: Adobe ShockWave Player
CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and  ...)
	- wireshark <not-affected> (Windows-only issue)
CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in Wir ...)
	- wireshark 1.2.2-1 (low; bug #547704)
	[etch] - wireshark <not-affected> (Only affects 1.2.x)
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...)
	{DSA-1942-1}
	- wireshark 1.2.2-1 (low; bug #547704)
	[etch] - wireshark <not-affected> (Only affects >= 0.99.6)
	[lenny] - wireshark 1.0.2-3+lenny6
CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
	NOT-FOR-US: module for XOOPS
CVE-2009-3239
	REJECTED
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux kern ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.30-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Applicati ...)
	{DSA-1966-1}
	- horde3 3.3.5+debian0-1 (low)
	[lenny] - horde3 3.2.2+debian0-2+lenny1
	NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not fix etch
CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1 ...)
	{DSA-1893-1 DSA-1892-1}
	- cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947)
	- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
	- dovecot 1:1.2.1-1 (medium; bug #546656)
	NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows
CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5 and 3 ...)
	{DSA-1897-1}
	- horde3 3.3.5+debian0-1 (medium; bug #547318)
CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in kernel/perf_counter. ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.31, fixed in Debian package before initial 2.6.31 upload)
	- linux-2.6.24 <not-affected> (Introduced in 2.6.31)
CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Al ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond Classifi ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3225 (Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft Almo ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Wap and Pro
CVE-2009-3224 (SQL injection vulnerability in index.php in Super Mod System, when usi ...)
	NOT-FOR-US: Super Mod System
CVE-2009-3223 (SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver  ...)
	NOT-FOR-US: Inout Adserver
CVE-2009-3222 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebScript ...)
	NOT-FOR-US: FreeWebScriptz Honest Traffic
CVE-2009-3221 (Stack-based buffer overflow in Audio Lib Player (ALP) allows remote at ...)
	NOT-FOR-US: Audio Lib Player (ALP)
CVE-2009-3220 (PHP remote file inclusion vulnerability in cp_html2txt.php in All In O ...)
	NOT-FOR-US: All In One Control Panel
CVE-2009-3219 (Directory traversal vulnerability in a.php in AR Web Content Manager ( ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2009-3218 (SQL injection vulnerability in control/login.php in AR Web Content Man ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2009-3217 (SQL injection vulnerability in the admin module in iWiccle 1.01 allows ...)
	NOT-FOR-US: iWiccle
CVE-2009-3216 (Multiple directory traversal vulnerabilities in iWiccle 1.01, when mag ...)
	NOT-FOR-US: iWiccle
CVE-2009-3215 (SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, an ...)
	NOT-FOR-US: IXXO Cart Standalone
CVE-2009-3214 (Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.254 ...)
	NOT-FOR-US: Photodex ProShow Gold
CVE-2009-3213 (Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attacke ...)
	NOT-FOR-US: broid
CVE-2009-3212 (SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, whe ...)
	NOT-FOR-US: VivaPrograms Infinity Script
CVE-2009-3211 (Directory traversal vulnerability in VivaPrograms Infinity Script 2.x. ...)
	NOT-FOR-US: VivaPrograms Infinity Script
CVE-2009-3210 (Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka  ...)
	NOT-FOR-US: Print (aka Printer, e-mail and PDF versions) Drupal module (3rd party module)
CVE-2009-3209 (SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 a ...)
	NOT-FOR-US: PHP eMail Manager
CVE-2009-3208 (Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote a ...)
	NOT-FOR-US: phpfreeBB
CVE-2009-3207 (The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10 ...)
	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
CVE-2009-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache  ...)
	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
CVE-2009-3205 (SQL injection vulnerability in main.php in CBAuthority allows remote a ...)
	NOT-FOR-US: CBAuthority
CVE-2009-3204 (Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 ...)
	NOT-FOR-US: Stiva Forum
CVE-2009-3203 (SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x al ...)
	NOT-FOR-US: AJ Auction Pro OOPD
CVE-2009-3202 (Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Fo ...)
	NOT-FOR-US: ULoKI PHP Forum
CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted re ...)
	NOT-FOR-US: Media Player Classic
CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 062 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639 Pro
CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web  ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Aff ...)
	NOT-FOR-US: Affiliate Master
CVE-2009-3197 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2009-3196 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP  ...)
	NOT-FOR-US: JCE-Tech PHP Video Script
CVE-2009-3195 (Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auctio ...)
	NOT-FOR-US: JCE-Tech Auction RSS Content Script
CVE-2009-3194 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech Sear ...)
	NOT-FOR-US: JCE-Tech SearchFeed Script
CVE-2009-3193 (SQL injection vulnerability in the DigiFolio (com_digifolio) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3192 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Li ...)
	NOT-FOR-US: LinkorCMS
CVE-2009-3191 (Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Script ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-3190 (Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow r ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-3189 (Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guest ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2009-3188 (PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 a ...)
	NOT-FOR-US: phpSANE
CVE-2009-3187 (Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alon ...)
	NOT-FOR-US: Stand Alone Arcade
CVE-2009-3186 (Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ  ...)
	NOT-FOR-US: VideoGirls BiZ
CVE-2009-3185 (SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 ...)
	NOT-FOR-US: Crazy Star plugin 2.0 for Discuz!
CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The  ...)
	NOT-FOR-US: Pirates of The Caribbean
CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands via C ...)
	{DSA-1891-1}
	- changetrack 4.5-2 (medium; bug #546791)
CVE-2009-3183 (Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenS ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL  ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in B ...)
	{DSA-1913-1}
	- bugzilla 3.2.5.0-1 (low; bug #547132)
	[etch] - bugzilla <not-affected> (Vulnerable code not present)
	NOTE: Introduced in 2.23.4
CVE-2009-3182 (Unrestricted file upload vulnerability in admin/editor/filemanager/bro ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3180 (Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a passwo ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3179 (Multiple unspecified vulnerabilities in Symantec Altiris Deployment So ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3178 (Unspecified vulnerability in mm.exe in Symantec Altiris Deployment Sol ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3177 (Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown  ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2009-3176 (Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 al ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-3175 (Multiple SQL injection vulnerabilities in Model Agency Manager PRO (fo ...)
	NOT-FOR-US: Model Agency Manager PRO
CVE-2009-3174 (PHP remote file inclusion vulnerability in fonctions_racine.php in OBO ...)
	NOT-FOR-US: OBOphiX
CVE-2009-3173 (Unrestricted file upload vulnerability in admin/add_album.php in The R ...)
	NOT-FOR-US: Rat CMS Alpha
CVE-2009-3172 (Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 t ...)
	NOT-FOR-US: Hitachi Groupmax Groupware Server
CVE-2009-3171 (Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gaze ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3170 (Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330)  ...)
	NOT-FOR-US: AIMP2 Audio Converter
CVE-2009-3169 (Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission  ...)
	NOT-FOR-US: Hitachi
CVE-2009-3168 (Mevin Productions Basic PHP Events Lister 2.0 does not properly restri ...)
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2009-3167 (Directory traversal vulnerability in index.php in Anantasoft Gazelle C ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3232 (pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GN ...)
	- pam 1.0.1-10 (bug #519927)
	[lenny] - pam <not-affected> (pam-auth-update not yet present)
	[etch] - pam <not-affected> (pam-auth-update not yet present)
CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8 ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <not-affected>
	- postgresql-7.4 <not-affected>
CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8 ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <removed>
	- postgresql-7.4 <removed>
CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 befor ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <not-affected>
	- postgresql-7.4 <not-affected>
CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris  ...)
	NOT-FOR-US: Solaris
CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in  ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (medium)
	- silc-client 1.1-2 (medium)
	- silc-server 1.1.2-1 (medium)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2009-3145
	REJECTED
CVE-2009-3144
	REJECTED
CVE-2009-3143
	REJECTED
CVE-2009-3142
	REJECTED
CVE-2009-3141
	REJECTED
CVE-2009-3140
	REJECTED
CVE-2009-3139
	REJECTED
CVE-2009-3138
	REJECTED
CVE-2009-3137
	REJECTED
CVE-2009-3136
	REJECTED
CVE-2009-3135 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3133 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Ope ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3132 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3131 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3130 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office  ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3129 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Offic ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3128 (Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer  ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3127 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows r ...)
	NOT-FOR-US: Multi Website
CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows at ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7 ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM WebSphe ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3158 (admin/files.php in simplePHPWeb 0.2 does not require authentication, w ...)
	NOT-FOR-US: simplePHPWeb
CVE-2009-3157 (Cross-site scripting (XSS) vulnerability in the Calendar module 6.x be ...)
	NOT-FOR-US: Calendar module for Drupal
CVE-2009-3156 (Cross-site scripting (XSS) vulnerability in the Date Tools sub-module  ...)
	NOT-FOR-US: Date module for Drupal
CVE-2009-3155 (Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Cla ...)
	NOT-FOR-US: Almond Classifieds component for Joomla!
CVE-2009-3154 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) co ...)
	NOT-FOR-US: Almond Classifieds component for Joomla!
CVE-2009-3153 (Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search  ...)
	NOT-FOR-US: x10 MP3 Search engine
CVE-2009-3152 (Multiple cross-site scripting (XSS) vulnerabilities in becommunity/com ...)
	NOT-FOR-US: NTSOFT BBS E-Market Professional
CVE-2009-3151 (Directory traversal vulnerability in actions/downloadFile.php in Ultri ...)
	NOT-FOR-US: Ultrize TimeSheet
CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 allows r ...)
	NOT-FOR-US: Multi Website
CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, when mag ...)
	- elgg <itp> (bug #526197)
CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 ...)
	NOT-FOR-US: PortalXP Teacher Edition
CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewP ...)
	NOT-FOR-US: ReviewPost Pro
CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in Arti ...)
	NOT-FOR-US: ArticleFriend Script
CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in B ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail allo ...)
	NOT-FOR-US: QuarkMail
CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor  ...)
	NOT-FOR-US: Wap-Motor
CVE-2009-3122 (The Ajax Table module 5.x for Drupal does not perform access control,  ...)
	NOT-FOR-US: Ajax Table module for Drupal
CVE-2009-3121 (Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x  ...)
	NOT-FOR-US: Ajax Table module for Drupal
CVE-2009-3120 (Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE ...)
	NOT-FOR-US: BIGACE Web CMS
CVE-2009-3119 (SQL injection vulnerability in screen.php in the Download System mSF ( ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-3118 (SQL injection vulnerability in mod/poll/comment.php in the vote module ...)
	NOT-FOR-US: Danneo CMS
CVE-2009-3117 (SQL injection vulnerability in category.php in Snow Hall Silurus Syste ...)
	NOT-FOR-US: Snow Hall Silurus System
CVE-2009-3116 (SQL injection vulnerability in index.php in Uiga Church Portal allows  ...)
	NOT-FOR-US: Uiga Church Portal
CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers t ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from  ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and  ...)
	NOT-FOR-US: OXID eShop Professional
CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and  ...)
	NOT-FOR-US: OXID eShop Professional
CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote attac ...)
	- freeradius 2.0.0-1 (low)
CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris  ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris Dep ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3108 (The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6 ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3107 (Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 do ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3106 (The Servlet Engine/Web Container component in IBM WebSphere Applicatio ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-3105 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domi ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 20 ...)
	NOT-FOR-US: Symantec Norton AntiVirus
CVE-2009-3103 (Array index error in the SMBv2 protocol implementation in srv2.sys in  ...)
	NOT-FOR-US: Microsoft
CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manage ...)
	NOT-FOR-US: Zmanda Recovery Manager
CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolar ...)
	- xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSol ...)
	- xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on Win ...)
	NOT-FOR-US: HP OpenView Operations Manager
CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...)
	NOT-FOR-US: HP Operations Dashboard
CVE-2009-3097 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on  ...)
	NOT-FOR-US: HP Performance Insight
CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 all ...)
	NOT-FOR-US: HP Performance Insight
CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote attac ...)
	{DSA-1934-1}
	- apache2 2.2.13-2 (low; bug #545951)
	[etch] - apache2 <no-dsa> (minor issue)
	[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
	NOTE: The attacker needs to have valid credentials for the FTP server, which
	NOTE: makes this irrelevant in most cases. Based on a VulnDisco commercial 0day.
CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the  ...)
	{DSA-1934-1}
	- apache2 2.2.13-2 (low; bug #545951)
	[etch] - apache2 <no-dsa> (minor issue)
	[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has unkn ...)
	NOT-FOR-US: ASUS WL-500W
CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...)
	NOT-FOR-US: ASUS WL-500W
CVE-2009-3091 (Unspecified vulnerability on the ASUS WL-330gE has unknown impact and  ...)
	NOT-FOR-US: ASUS WL-330gE
CVE-2009-3090 (Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on  ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3089 (IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3088 (Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM Lotus Do ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x be ...)
	{DSA-2260-1}
	- rails 2.2.3-1 (low; bug #545063)
	[etch] - rails <no-dsa> (Minor issue)
CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not  ...)
	- pidgin 2.6.2-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c  ...)
	{DSA-2038-1}
	- pidgin 2.6.2-1 (low)
CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the  ...)
	{DSA-2038-1}
	- pidgin 2.6.2-1 (low)
CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall Silurus Syst ...)
	NOT-FOR-US: Snow Hall Silurus System
CVE-2009-3081 (SQL injection vulnerability in index.php in Uiga Church Portal allows  ...)
	NOT-FOR-US: Uiga Church Portal
CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x  ...)
	{DSA-1886-1}
	- iceweasel 3.0.14-1
	[etch] - iceweasel <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and  ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not proper ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain dial ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozil ...)
	{DSA-2025-1 DSA-1885-1}
	- xulrunner 1.9.0.14-1
	- icedove 3.0~rc2-2
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox  ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox  ...)
	- xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2025-1 DSA-1885-1}
	- xulrunner 1.9.0.14-1
	- icedove 3.0~rc2-2
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	- xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
CVE-2009-3068 (Unrestricted file upload vulnerability in the RoboHelpServer Servlet ( ...)
	NOT-FOR-US: Adobe RoboHelp Server
CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation M ...)
	NOT-FOR-US: Reservation Manager
CVE-2009-3066 (Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchSc ...)
	NOT-FOR-US: PropertyWatchScript.com Property Watch
CVE-2009-3065 (PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in ...)
	NOT-FOR-US: Ve-EDIT
CVE-2009-3064 (Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT ...)
	NOT-FOR-US: Ve-EDIT
CVE-2009-3063 (SQL injection vulnerability in the Game Server (com_gameserver) compon ...)
	NOT-FOR-US: Joomla!
CVE-2009-3062 (SQL injection vulnerability in message_box.php in OSI Codes PHP Live!  ...)
	NOT-FOR-US: OSI Codes PHP Live!
CVE-2009-3061 (SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 a ...)
	NOT-FOR-US: Alqatari Q R Script
CVE-2009-3060 (Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (ak ...)
	NOT-FOR-US: Joker Board
CVE-2009-3059 (Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 ...)
	NOT-FOR-US: Joker Board
CVE-2009-3058 (Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers  ...)
	NOT-FOR-US: akPlayer
CVE-2009-3057 (Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Be ...)
	NOT-FOR-US: AOM Software Beex
CVE-2009-3056 (PHP remote file inclusion vulnerability in include/engine/content/elem ...)
	NOT-FOR-US: KingCMS
CVE-2009-3055 (PHP remote file inclusion vulnerability in engine/api/api.class.php in ...)
	NOT-FOR-US: DataLife Engine
CVE-2009-3054 (SQL injection vulnerability in the Artetics.com Art Portal (com_artpor ...)
	NOT-FOR-US: Joomla!
CVE-2009-3053 (Directory traversal vulnerability in the Agora (com_agora) component 3 ...)
	NOT-FOR-US: Joomla!
CVE-2009-3052 (SQL injection vulnerability in root/includes/prime_quick_style.php in  ...)
	NOT-FOR-US: Prime Quick Style addon
CVE-2009-3051 (Multiple format string vulnerabilities in lib/silcclient/client_entry. ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (medium)
	- silc-client 1.1-2 (medium)
	- silc-server 1.1.2-1 (medium)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2009-3050 (Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1 ...)
	- htmldoc 1.8.27-4.1 (low; bug #537637)
	[etch] - htmldoc <no-dsa> (Minor issue)
	[lenny] - htmldoc <no-dsa> (Minor issue)
CVE-2009-3049 (Opera before 10.00 does not properly display all characters in Interna ...)
	NOT-FOR-US: Opera
CVE-2009-3048 (Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly im ...)
	NOT-FOR-US: Opera
CVE-2009-3047 (Opera before 10.00, when a collapsed address bar is used, does not pro ...)
	NOT-FOR-US: Opera
CVE-2009-3046 (Opera before 10.00 does not check all intermediate X.509 certificates  ...)
	NOT-FOR-US: Opera
CVE-2009-3045 (Opera before 10.00 trusts root X.509 certificates signed with the MD2  ...)
	NOT-FOR-US: Opera
CVE-2009-3044 (Opera before 10.00 does not properly handle a (1) '\0' character or (2 ...)
	NOT-FOR-US: Opera
CVE-2009-3043 (The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux ...)
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-3039
	RESERVED
CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research ...)
	NOT-FOR-US: ActiveX
CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka F ...)
	NOT-FOR-US: Autonomy KeyView XLS viewer
CVE-2009-3036 (Cross-site scripting (XSS) vulnerability in the console in Symantec IM ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before 6 ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3034
	REJECTED
CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...)
	NOT-FOR-US: ActiveX
CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autono ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the Alt ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressio ...)
	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec Se ...)
	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3028 (The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dl ...)
	NOT-FOR-US: Symantec
CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection S ...)
	NOT-FOR-US: Symantec Backup Exec Continuous Protection Server
CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to c ...)
	- pidgin 2.6.1-1 (low)
	[lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
	[etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking featu ...)
	- libio-socket-ssl-perl 1.30-1
	[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
	[etch] - libio-socket-ssl-perl <not-affected> (Affected functionality introduced in 1.14)
CVE-2009-3023 (Buffer overflow in the FTP Service in Microsoft Internet Information S ...)
	NOT-FOR-US: Microsoft IIS
CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and e ...)
	NOT-FOR-US: bingo!CMS
CVE-2009-3021 (Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' pl ...)
	NOT-FOR-US: Site Calendar 'mycaljp' plugin
CVE-2009-3020 (win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attacker ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2009-3019 (Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3018 (Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block ...)
	NOT-FOR-US: Maxthon Browser
CVE-2009-3017 (Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh ...)
	NOT-FOR-US: Orca Browser
CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs  ...)
	NOT-FOR-US: Apple Safari
CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and d ...)
	- qt4-x11 <unfixed> (unimportant)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; S ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
	- iceweasel <removed> (unimportant)
CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
	NOT-FOR-US: Opera
CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre do ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0. ...)
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; S ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
	- iceweasel <removed> (unimportant)
CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2 ...)
	{DSA-1887-1}
	- rails 2.2.3-1 (low; bug #545063)
	[etch] - rails <no-dsa> (Unsupported)
CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
	NOT-FOR-US: K-Meleon
CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow con ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.3-3 (low)
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 2.0-1 (low)
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - iceape <not-affected> (Iceape from Lenny only provides NSS libs)
	- webkit <not-affected> (proof-of-concept did not work)
CVE-2009-3006 (Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the  ...)
	NOT-FOR-US: Maxthon Browser
CVE-2009-3005 (Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address ...)
	NOT-FOR-US: Lunascape
CVE-2009-3004 (Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof t ...)
	NOT-FOR-US: Avant Browser
CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers to spo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain data st ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	NOTE: minor info leaks
CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2. ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	NOTE: minor info leak
CVE-2009-3000 (The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_ ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote attac ...)
	NOT-FOR-US: Android
CVE-2009-XXXX [serveez: buffer overflow in header parser]
	- serveez <removed> (low)
	[lenny] - serveez 0.1.5-2.1+lenny1
	[etch] - serveez 0.1.5-2+etch1
CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1. ...)
	NOT-FOR-US: Adobe
CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7,  ...)
	NOT-FOR-US: Adobe
CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x befo ...)
	NOT-FOR-US: Adobe
CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before  ...)
	NOT-FOR-US: Adobe
CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before  ...)
	NOT-FOR-US: Adobe
CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and A ...)
	NOT-FOR-US: Adobe
CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x befo ...)
	NOT-FOR-US: Adobe
CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, an ...)
	NOT-FOR-US: Adobe
CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and Ac ...)
	NOT-FOR-US: Adobe
CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x be ...)
	NOT-FOR-US: Adobe
CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibl ...)
	NOT-FOR-US: Adobe
CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...)
	NOT-FOR-US: Adobe
CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x b ...)
	NOT-FOR-US: Adobe
CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x bef ...)
	NOT-FOR-US: Adobe
CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibl ...)
	NOT-FOR-US: Adobe
CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents  ...)
	NOT-FOR-US: Cisco
CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly invol ...)
	- xulrunner <not-affected> (unimportant)
	NOTE: browser crashes not treated as security issues
	NOTE: not reproducible, probably only Firefox in Windows XP is affected
CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attack ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't support 'chromehtml' protocol)
CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a  ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote attac ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2971
	RESERVED
CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an Acti ...)
	NOT-FOR-US: UiTV UiPlayer
CVE-2009-2969
	RESERVED
CVE-2009-2968 (Directory traversal vulnerability in a support component in the web in ...)
	NOT-FOR-US: VMware Studio
CVE-2009-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6  ...)
	- buildbot 0.7.11p3-1
	[lenny] - buildbot <no-dsa> (Minor issue)
	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0. ...)
	NOT-FOR-US: Kaspersky Internet Security
CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvisi ...)
	NOT-FOR-US: Radvision Scopia
CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in Squirrel ...)
	{DSA-2091-1}
	- squirrelmail 2:1.4.20~rc2-1 (low; bug #543818)
CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...)
	NOT-FOR-US: Toolbar Uninstaller
CVE-2009-2961 (Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows r ...)
	NOT-FOR-US: Thaddy de Konng KOL Player
CVE-2009-2960 (CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to page ...)
	NOT-FOR-US: CuteFlow
CVE-2009-2959 (Cross-site scripting (XSS) vulnerability in the waterfall web status v ...)
	- buildbot 0.7.11p3-1 (low; bug #543822)
	[lenny] - buildbot <no-dsa> (Minor issue)
	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
CVE-2009-2958 (The tftp_request function in tftp.c in dnsmasq before 2.50, when --ena ...)
	{DSA-1876-1}
	- dnsmasq 2.50-1
	[etch] - dnsmasq <not-affected>
CVE-2009-2957 (Heap-based buffer overflow in the tftp_request function in tftp.c in d ...)
	{DSA-1876-1}
	- dnsmasq 2.50-1
	[etch] - dnsmasq <not-affected>
CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Comm ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause  ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	NOTE: browser denial of services are not considered security-relevant
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attacke ...)
	- xulrunner <unfixed> (unimportant; bug #557753)
	NOTE: browser denial-of-services are considered unimportant
CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...)
	NOT-FOR-US: Phenotype CMS
CVE-2009-2950 (Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompress ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-2949 (Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3 ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (medium; bug #550423)
CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...)
	{DSA-1882-1}
	- xapian-omega 1.0.15-2
CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in de ...)
	{DSA-1878-2 DSA-1878-1}
	- devscripts 2.10.54
CVE-2009-2945 (weblogin/login.fcgi (aka the WebLogin login script) in Stanford Univer ...)
	- webauth 3.6.2-1 (low)
	[lenny] - webauth 3.6.0-1+lenny1
	[etch] - webauth <not-affected> (Vulnerable code not present)
CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki bef ...)
	{DSA-1875-1}
	- ikiwiki 3.1415926
CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL  ...)
	{DSA-1909-1}
	- postgresql-ocaml 1.12.1-1 (low)
CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the m ...)
	{DSA-1910-1}
	- mysql-ocaml 1.0.4-7 (low)
CVE-2009-2941
	RESERVED
CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support ...)
	{DSA-1911-1}
	- pygresql 1:4.0-1 (low)
CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...)
	- postfix 2.6.5-3 (low)
	[lenny] - postfix 2.5.5-1.1+lenny1
	[etch] - postfix <no-dsa> (Minor issue)
CVE-2009-2938
	RESERVED
CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venu ...)
	- planet <removed> (low; bug #546178)
	[lenny] - planet <no-dsa> (Minor issue)
	[etch] - planet <no-dsa> (Minor issue)
	- planet-venus 0~bzr116-1 (low; bug #546179)
	[lenny] - planet-venus 0~bzr95-2+lenny1
	[etch] - planet-venus <no-dsa> (Minor issue)
CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or administr ...)
	- varnish 2.1.0-2 (unimportant)
	NOTE: Only a security issue if used against best practices
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote a ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed Inte ...)
	NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 all ...)
	- piwigo <not-affected> (Fixed before initial upload to the archive)
CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the  ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director 1. ...)
	NOT-FOR-US: SlideShowPro Director
CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...)
	NOT-FOR-US: elka CMS (aka Elkapax)
CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x a ...)
	NOT-FOR-US: TGS Content Management
CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content M ...)
	NOT-FOR-US: TGS Content Management
CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CM ...)
	NOT-FOR-US: DigitalSpinners DS CMS
CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System BETA  ...)
	NOT-FOR-US: PHP Competition System BETA
CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly oth ...)
	- pidgin 2.6.1-1 (low; bug #542891)
	[lenny] - pidgin 2.4.3-4lenny4
	NOTE: gaim not affected, it never claimed to support TLS/SSL
	NOTE: http://developer.pidgin.im/ticket/8131
	NOTE: http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
CVE-2009-2962
	REJECTED
CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allo ...)
	NOT-FOR-US: DJCalendar
CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2  ...)
	NOT-FOR-US: Videos Broadcast Yourself 2
CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1 ...)
	NOT-FOR-US: BitmixSoft PHP-Lance
CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria  ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...)
	NOT-FOR-US: MOC Designs PHP News
CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 all ...)
	NOT-FOR-US: Elvin
CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2  ...)
	NOT-FOR-US: Boonex Orca
CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows  ...)
	NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...)
	NOT-FOR-US: ImTOO MPEG Encoder
CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in  ...)
	NOT-FOR-US: 2K Games Vietcong
CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery Sys ...)
	NOT-FOR-US: 2FLY Gift Delivery System
CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero Communi ...)
	NOT-FOR-US: XZero Community Classified
CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero Communi ...)
	NOT-FOR-US: XZero Community Classified
CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through  ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2911 (SystemTap 1.0, when the --unprivileged option is used, does not proper ...)
	- systemtap 1.0-2 (bug #551918)
	[lenny] - systemtap <not-affected> (Affected functionality only added in 1.0)
CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <unfixed> (medium)
CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in net/ax25/a ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux  ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc ...)
	NOT-FOR-US: SpringSource tc Server, Application Management Suite, Hyperic HQ Open Source, and Hyperic Enterprise
CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8,  ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (low; bug #550423)
CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0. ...)
	{DSA-1894-1}
	- newt 0.52.10-4.1 (medium; bug #548198)
CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in OpenS ...)
	- openssh <not-affected> (issue with homechroot patch specific to Red Hat)
CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x throu ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.2 ...)
	{DSA-2207-1}
	- tomcat6 6.0.24-1 (low)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5.5 <removed>
CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6 ...)
	- tomcat6 <not-affected> (Windows-only)
	- tomcat5.5 <not-affected> (Windows-only)
CVE-2009-2900
	RESERVED
CVE-2009-2899 (The monitor perl script in the Sybase database plug-in in SpringSource ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/G ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attac ...)
	NOT-FOR-US: KMPlayer: http://www.kmplayer.com
CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (U ...)
	NOT-FOR-US: Ultimate Regnow Affiliate
CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZ ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
	NOT-FOR-US: Scripteen Free Image Hosting Script
CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles all ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts N ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman al ...)
	NOT-FOR-US: PHP Scripts Now Hangman
CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts No ...)
	NOT-FOR-US: PHP Scripts Now President Bios
CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President B ...)
	NOT-FOR-US: PHP Scripts Now President
CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's Tal ...)
	NOT-FOR-US: PHP Scripts Now World's
CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts No ...)
	NOT-FOR-US: PHP Scripts Now World's Tallest Buildings
CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, whe ...)
	NOT-FOR-US: SaphpLesson
CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking  ...)
	NOT-FOR-US: PG MatchMaking
CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote  ...)
	NOT-FOR-US: Basilic
CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in us ...)
	- backuppc 3.1.0-8 (low; bug #542218)
	[etch] - backuppc <not-affected> (No configuration GUI)
	[lenny] - backuppc 3.1.0-4lenny2
CVE-2009-5043 (burn allows file names to escape via mishandled quotation marks ...)
	- burn 0.4.5-1 (low; bug #542329)
	[lenny] - burn 0.4.3-2.1+lenny1
	[etch] - burn <no-dsa> (Minor issue)
CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x befor ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Play ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x befor ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6) ...)
	NOT-FOR-US: Cisco Unified Presence
CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Expre ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Expre ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2871 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN sess ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2870 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the Cis ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2869 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2868 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when certifi ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2867 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, 12.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2866 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2865 (Buffer overflow in the login implementation in the Extension Mobility  ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2864 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2863 (Race condition in the Firewall Authentication Proxy feature in Cisco I ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2862 (The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Li ...)
	NOT-FOR-US: Cisco
CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows  ...)
	NOT-FOR-US: db2jds in IBM DB2
CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access  ...)
	NOT-FOR-US: IBM DB2
CVE-2009-2858 (Memory leak in the Security component in IBM DB2 8.1 before FP18 on Un ...)
	NOT-FOR-US: IBM DB2
CVE-2009-2857 (The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103 ...)
	NOT-FOR-US: kernel in Sun Solaris
CVE-2009-2856 (Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding i ...)
	NOT-FOR-US: Sun Virtual Desktop Infrastructure
CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allo ...)
	{DSA-1991-1}
	- squid 2.7.STABLE7-1 (low; bug #534982)
	- squid3 3.0.STABLE19-1
CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain actions ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1
CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain privileges via  ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1
CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_global ...)
	NOT-FOR-US: WP-Syntax plugin
CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator interfac ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low)
CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow conte ...)
	NOT-FOR-US: NASA Common Data Format
CVE-2009-2845
	REJECTED
CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 mi ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-4 (medium)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (medium)
CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and earli ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 thr ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-6 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component (driv ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-6 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and oth ...)
	- linux-2.6 2.6.30-7 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
	- linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accept ...)
	NOT-FOR-US: Mac OS X
CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2841 (The HTMLMediaElement::loadResource function in html/HTMLMediaElement.c ...)
	- webkit 1.1.21-1 (medium; bug #559759)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/49480
	- qt4-x11 4:4.6.2-4 (medium; bug #561760)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <not-affected> (No support for HTML5 video tags)
CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to e ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ta ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International Compo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...)
	- file 5.03-1
	[lenny] - file <not-affected>
	[etch] - file <not-affected>
CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 all ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 al ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not properl ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTT ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not p ...)
	NOT-FOR-US: AirPort Utility
CVE-2009-2821
	RESERVED
CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X befo ...)
	{DSA-1933-1}
	- cups 1.4.2-1 (low; bug #555666)
	- cupsys <removed>
CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execu ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly ha ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers t ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit,  ...)
	- webkit 1.1.21-1 (low; bug #559759)
	[lenny] - webkit <not-affected> (vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/47494
CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not properl ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple M ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.1 ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (bug #550422)
	NOTE: requires an administrator to manually configure a user account without
	NOTE: a home dir, otherwise, this is ineffective
CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively cle ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers t ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS conn ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS  ...)
	- cupsys <not-affected> (issue in darwin-specific code; bug #550150)
	- cups <not-affected> (issue in darwin-specific code; bug #550150)
CVE-2009-2806
	RESERVED
CVE-2009-2805 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8  ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ex ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2802 (MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME ty ...)
	- mantis <not-affected> (Only affects 1.2.x)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
	NOTE: http://www.mantisbt.org/blog/?p=113
CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified fi ...)
	NOT-FOR-US: Apple Application Firewall
CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and iPho ...)
	- webkit 1.1.21-1 (low; bug #559759)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, risk of regression higher than impact at hand)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (Too intrusive to backport, risk of regression higher than impact at hand)
	NOTE: http://trac.webkit.org/changeset/42483
CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iP ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple iPh ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, and iPho ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2793 (The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms doe ...)
	NOT-FOR-US: NetBSD kernel
CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php in Reall ...)
	NOT-FOR-US: Really Simple CMS
CVE-2009-2791 (PHP remote file inclusion vulnerability in pda_projects.php in WebDyna ...)
	NOT-FOR-US: WebDynamite ProjectButler
CVE-2009-2790 (SQL injection vulnerability in cat_products.php in SoftBiz Dating Scri ...)
	NOT-FOR-US: SoftBiz Dating
CVE-2009-2789 (SQL injection vulnerability in the Permis (com_groups) component 1.0 f ...)
	NOT-FOR-US: com_groups component for Joomla!
CVE-2009-2788 (Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remot ...)
	NOT-FOR-US: Mobilelib GOLD
CVE-2009-2787 (Directory traversal vulnerability in include/reputation/rep_profile.ph ...)
	NOT-FOR-US: Reputation plugin for PunBB
CVE-2009-2786 (SQL injection vulnerability in reputation.php in the Reputation plugin ...)
	NOT-FOR-US: Reputation plugin for PunBB
CVE-2009-2785 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classi ...)
	NOT-FOR-US: PHP Open Classifieds Script
CVE-2009-2784 (Multiple directory traversal vulnerabilities in dit.cms 1.3, when regi ...)
	NOT-FOR-US: dit.cms
CVE-2009-2783 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 all ...)
	NOT-FOR-US: XOOPS
CVE-2009-2782 (SQL injection vulnerability in the JFusion (com_jfusion) component for ...)
	NOT-FOR-US: com_jfusion component for Joomla!
CVE-2009-2781 (SQL injection vulnerability in forum.php in Arab Portal 2.x, when magi ...)
	NOT-FOR-US: Arab Portal
CVE-2009-2780 (Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds  ...)
	NOT-FOR-US: 68 Classifieds
CVE-2009-2779 (SQL injection vulnerability in index.php in AJ Matrix DNA allows remot ...)
	NOT-FOR-US: AJ Matrix DNA
CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in Garage ...)
	NOT-FOR-US: GarageSales script
CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script  ...)
	NOT-FOR-US: GarageSales Script
CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey allo ...)
	NOT-FOR-US: Smart ASP Survey
CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arc ...)
	NOT-FOR-US: PHPArcadeScript
CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Scrip ...)
	NOT-FOR-US: PHP Paid 4 Mail
CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...)
	NOT-FOR-US: PHP Paid 4 Mail
CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Fin ...)
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 all ...)
	NOT-FOR-US: Free Arcade Script
CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and g ...)
	NOT-FOR-US: PowerUpload
CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in Ul ...)
	NOT-FOR-US: Ultrize TimeSheet
CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat  ...)
	- linux-2.6 2.6.30-6 (medium)
	[etch] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (kernel/cred.c introduced in 2.6.29)
CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux k ...)
	- linux-2.6 2.6.30-6 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not requi ...)
	NOT-FOR-US: DD-WRT
CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ver ...)
	NOT-FOR-US: DD-WRT
CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 plat ...)
	NOT-FOR-US: Microsoft
CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and Software ( ...)
	- ocsinventory-server 1.02.1-2 (unimportant; bug #541995)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and Softwa ...)
	- ocsinventory-server 1.02.1-2 (unimportant; bug #541995)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2009-2763
	RESERVED
CVE-2009-XXXX [logrotate race condition could lead to file disclosure]
	- logrotate 3.7.8-4 (low; bug #388608)
	[lenny] - logrotate <no-dsa> (Minor issue)
CVE-2009-XXXX [XSS in drupal printing module]
	- drupal6 <removed> (unimportant)
	NOTE: you need admin privs in order to exploit this
	NOTE: http://lampsecurity.org/drupal-print-module-vulnerabilities
CVE-2009-2761 (Unquoted Windows search path vulnerability in the scheduler (sched.exe ...)
	NOT-FOR-US: Avira AntiVir
CVE-2009-2760
	RESERVED
CVE-2009-2759
	RESERVED
CVE-2009-2758
	RESERVED
CVE-2009-2757
	RESERVED
CVE-2009-2756
	RESERVED
CVE-2009-2755
	RESERVED
CVE-2009-2754 (Integer signedness error in the authentication functionality in librpc ...)
	NOT-FOR-US: Informix Storage Manager
CVE-2009-2753 (Multiple buffer overflows in the authentication functionality in librp ...)
	NOT-FOR-US: Informix Storage Manager
CVE-2009-2752 (IBM WebSphere Commerce 7.0 does not properly encrypt data in a databas ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2751 (IBM WebSphere Commerce 7.0 uses the same cryptographic key for session ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2750 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2  ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before 1.0. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2748 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2747 (The Java Naming and Directory Interface (JNDI) implementation in IBM W ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2745
	RESERVED
CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSph ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...)
	NOT-FOR-US: IBM WebSphere Business Events
CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention Syste ...)
	NOT-FOR-US: CA Host-Based Intrusion Prevention System (HIPS)
CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allo ...)
	NOT-FOR-US: FreeNAS
CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeN ...)
	NOT-FOR-US: FreeNAS
CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2 ...)
	{DSA-1754-1}
	- roundup 1.4.4-4+lenny1 (bug #518768)
CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester OpenNew ...)
	NOT-FOR-US: OpenNews
CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, w ...)
	NOT-FOR-US: OpenNews
CVE-2009-2734 (SQL injection vulnerability in the get_employee function in classweekr ...)
	NOT-FOR-US: Achievo
CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before  ...)
	NOT-FOR-US: Achievo
CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier al ...)
	- ntop 3:3.3-12 (low; bug #543312)
	[lenny] - ntop <no-dsa> (Minor issue)
	[etch] - ntop <no-dsa> (Minor issue)
CVE-2009-2731
	RESERVED
CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' chara ...)
	{DSA-1935-1}
	- gnutls26 2.8.3-1 (low; bug #541439)
	- gnutls13 <removed>
CVE-2009-2729
	RESERVED
CVE-2009-2728
	RESERVED
CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in t ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1. ...)
	- asterisk 1:1.6.2.0~dfsg~rc1-1 (bug #541441)
	[squeeze] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
	[lenny] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
	[etch] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
CVE-2009-2725
	RESERVED
CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before Upda ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in  ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2720 (Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.i ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 al ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 befo ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 befo ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not pr ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...)
	- wordpress 2.8.3-2 (unimportant; bug #541102)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: not really a security issue in my opinion, just an annoying bug
CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...)
	- virtualbox-ose 3.0.4-dfsg-1 (medium)
	[lenny] - virtualbox-ose <not-affected> (Doesn't affect 1.6.x)
CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows gue ...)
	- virtualbox-ose 3.0.4-dfsg-1
	[lenny] - virtualbox-ose <not-affected> (Only 3.0.x affected per Sun advisory)
CVE-2009-2713 (The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4  ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2712 (Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and Op ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2711 (XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and  ...)
	NOT-FOR-US: XScreenSaver in Sun Solaris
CVE-2009-XXXX [mantis: information leak]
	- mantis 1.1.8+dfsg-2 (medium; bug #425010)
	[lenny] - mantis 1.1.6+dfsg-2lenny1
	NOTE: cve id requested on oss-sec
CVE-2009-3041 (SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper acc ...)
	- spip 2.0.9-1 (medium)
CVE-2009-XXXX [rubygems: integrity violation]
	- libgems-ruby <not-affected> (Debian's version installs gems packages to /var/lib/gems, bug #540610)
	NOTE: so no opportunity to overwrite system files
	NOTE: CVE id already requested
CVE-2009-XXXX [bugzilla: unauthorized bug modification]
	- bugzilla 3.2.4-1 (low)
	[etch] - bugzilla <no-dsa> (minor issue)
	[lenny] - bugzilla <no-dsa> (minor issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495257
CVE-2009-5044 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows ...)
	- groff 1.20.1-5 (low; bug #538330)
	[etch] - groff <not-affected> (pdfroff not yet present)
	[lenny] - groff <not-affected> (pdfroff not yet present)
	NOTE: requested CVE ids
CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution video devices]
	- xscreensaver 5.05-3+nmu1 (low; bug #539699)
	[etch] - xscreensaver <not-affected> (vulnerable code not present)
	[lenny] - xscreensaver 5.05-3+lenny1
CVE-2009-2626 (The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2 ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low; bug #540605)
	[etch] - php5 <no-dsa> (too risky to fix it there)
	NOTE: requires the script itself to set and then restore a config var
CVE-2009-XXXX [php5: 'open_basedir' bypass]
	- php5 5.3.1-1 (unimportant; bug #540606)
	NOTE: only affects 5.3.0 in experimental, open_basedir unsupported
CVE-2009-2710
	REJECTED
CVE-2009-2709
	REJECTED
CVE-2009-2708
	REJECTED
CVE-2009-2707 (Unspecified vulnerability in ia32el (aka the IA 32 emulation functiona ...)
	NOT-FOR-US: SUSE Linux
CVE-2009-2706
	REJECTED
CVE-2009-2705 (CA SiteMinder allows remote attackers to bypass cross-site scripting ( ...)
	NOT-FOR-US: SiteMinder
CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ( ...)
	NOT-FOR-US: SiteMinder
CVE-2009-2703 (libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...)
	- pidgin 2.6.2 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[etch] - pidgin <no-dsa> (Minor issue)
	[lenny] - gaim <not-affected> (Only a transitional package)
	- gaim <removed>
	NOTE: this is only a null ptr dereference and can only be triggered by a rogue irc server
CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ' ...)
	{DSA-1916-1}
	- kdelibs 4:3.5.10.dfsg.1-2.1 (low; bug #546212)
	- kde4libs 4:4.3.2-1 (low; bug #546218)
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage ...)
	- zodb 1:3.9.0-1
	[etch] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
	[lenny] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...)
	{DSA-1988-1}
	- qt4-x11 4:4.5.3-1 (medium; bug #545793)
	[etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3)
CVE-2009-2699 (The Solaris pollset feature in the Event Port backend in poll/unix/por ...)
	- apr <not-affected> (does not affect Linux or kFreeBSD)
CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp ...)
	{DSA-1872-1}
	- linux-2.6 2.6.19-1 (high)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.19)
CVE-2009-2697 (The Red Hat build script for the GNOME Display Manager (GDM) before 2. ...)
	- gdm <not-affected> (TCP Wrappers support enabled correctly)
CVE-2009-2696 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ca ...)
	NOT-FOR-US: Red-Hat-specific patching problem in Tomcat
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=616717
CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap oper ...)
	{DSA-2005-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (2.6.18 does not have mmap_min_addr)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2694 (The msn_slplink_process_msg function in libpurple/protocols/msn/slplin ...)
	{DSA-1870-1}
	- pidgin 2.5.9-1 (medium; bug #542486)
	[lenny] - gaim <not-affected> (Only a transitional package)
	- gaim <removed>
CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.2 ...)
	{DSA-2207-1}
	- tomcat6 6.0.24-1 (low)
	[lenny] - tomcat6 <not-affected> (The package only ships the servlet packages)
	- tomcat5.5 <removed>
CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, d ...)
	{DSA-1864-1 DSA-1865-1 DSA-1862-1}
	- linux-2.6 2.6.30-6 (high; bug #541403)
	- linux-2.6.24 <removed>
CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30. ...)
	{DSA-2005-1}
	- linux-2.6 2.6.30-7 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed>
CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants rea ...)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 b ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when  ...)
	- xemacs21 21.4.22-3 (low; bug #540470)
	[etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
	[lenny] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, H ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web se ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and t ...)
	NOT-FOR-US: Embedded Web Server in HP printers
CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics S ...)
	NOT-FOR-US: HP Remote Graphics
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP ...)
	NOT-FOR-US: HP-UX
CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) ...)
	NOT-FOR-US: HP ProCurve Identity Driven Manager
CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...)
	NOT-FOR-US: HP StorageWorks
CVE-2009-2679 (Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and  ...)
	NOT-FOR-US: HP HP-UX
CVE-2009-2678 (Unspecified vulnerability in Open System Services (OSS) Name Server on ...)
	NOT-FOR-US: Open System Services (OSS) Name Server on HP NonStop
CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX)
CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <undetermined> (bug #566769)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime Environm ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <undetermined> (bug #566769)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runti ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment (JR ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment (JR ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) i ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE  ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0. ...)
	NOT-FOR-US: Microsoft
CVE-2009-2667 (Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1 ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2009-2666 (socket.c in fetchmail before 6.3.11 does not properly handle a '\0' ch ...)
	{DSA-1852-1}
	- fetchmail 6.3.9~rc2-6
CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in content/base/src/nsD ...)
	- xulrunner 1.9.1.8-1
	[lenny] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
	[etch] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript eng ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
	{DSA-1939-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
	- xulrunner 1.9.1.2-1 (medium; bug #540961)
	[etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
	[lenny] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4 ...)
	{DSA-1899-1}
	- strongswan 4.3.2-1.1 (bug #540144)
CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow context-depen ...)
	{DSA-1912-2 DSA-1912-1 DSA-1857-1}
	- camlimages 1:3.0.1-3 (low; bug #540146)
	- advi 1.6.0-15 (low; bug #551282)
CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary  ...)
	- nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files)
CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android  ...)
	NOT-FOR-US: Android
CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote a ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1 (low; bug #539891)
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2653
	NOT-FOR-US: Microsoft Windows
CVE-2009-2652 (Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris ...)
	NOT-FOR-US: Solaris Trusted Extensions
CVE-2009-3938 (Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOu ...)
	{DSA-1941-1}
	- poppler 0.12.2-2.1 (low; bug #534680)
	[etch] - poppler <not-affected> (Vulnerable code not present)
CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before  ...)
	{DSA-2025-1 DSA-1874-1}
	- nss 3.12.3-1 (medium; bug #539934)
	- icedove 2.0.0.24-1 (medium)
CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote  ...)
	- asterisk 1:1.6.2.0~dfsg~rc1-1 (low; bug #539473)
	[etch] - asterisk <not-affected> (Vulnerable code not present)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: AST-2009-004
CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)
	NOT-FOR-US: Sorcerer Software MultiMedia Jukebox
CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
	- kfreebsd-8 8.0-1 (bug #572811)
	- kfreebsd-7 7.3-1 (bug #572811)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <removed> (bug #572811)
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration inf ...)
	NOT-FOR-US: FlashDen Guestbook
CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky I ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-2646 (Multiple unspecified vulnerabilities in the PDF distiller in the Attac ...)
	NOT-FOR-US: Research In Motion (RIM) BlackBerry Enterprise Server (BES)
CVE-2009-2645
	REJECTED
CVE-2009-2644 (Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and  ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and  ...)
	- python-django 1.1-1 (low; bug #539134)
	[etch] - python-django <no-dsa> (Minor issue)
	[lenny] - python-django 1.0.2-1+lenny1
CVE-2009-2643 (Multiple unspecified vulnerabilities in the PDF distiller in the Attac ...)
	NOT-FOR-US: BlackBerry Products
CVE-2009-XXXX [ser2net DoS]
	- ser2net 2.6-1 (low; bug #535159)
	[etch] - ser2net <no-dsa> (Minor issue)
	[lenny] - ser2net <no-dsa> (Minor issue)
CVE-2009-2642 (index.php in Desi Short URL Script 1.0 allows remote attackers to bypa ...)
	NOT-FOR-US: Desi Short URL
CVE-2009-2641 (PHP remote file inclusion vulnerability in app_and_readme/navigator/in ...)
	NOT-FOR-US: School Data Navigator
CVE-2009-2640 (Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy P ...)
	NOT-FOR-US: Interlogy Profile Manager Basic
CVE-2009-2639 (SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System ...)
	NOT-FOR-US: MRCGIGUY
CVE-2009-2638 (SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2637 (PHP remote file inclusion vulnerability in toolbar_ext.php in the Book ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2636 (Cross-site scripting (XSS) vulnerability in the Integration page in th ...)
	NOT-FOR-US: WebMail component in Kerio MailServer
CVE-2009-2635 (PHP remote file inclusion vulnerability in toolbar_ext.php in the Real ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2634 (PHP remote file inclusion vulnerability in toolbar_ext.php in the Medi ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the Vehi ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), as use ...)
	{DSA-1893-1 DSA-1892-1 DSA-1881-1}
	- cyrus-imapd-2.2 2.2.13-15 (medium)
	- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
	- dovecot 1:1.2.1-1 (medium; bug #546656)
CVE-2009-2631 (Multiple clientless SSL VPN products that run in web browsers, includi ...)
	NOT-FOR-US: Commercial SSL VPN products
CVE-2009-2630
	RESERVED
CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0 ...)
	{DSA-1884-1}
	- nginx 0.7.61-3 (medium)
CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3  ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-2627 (Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlu ...)
	NOT-FOR-US: Acer LunchApp
CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime En ...)
	{DSA-1984-1}
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
	- libxerces2-java 2.9.1-4.1 (bug #548358)
CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13 creates a h ...)
	{DSA-1974-1}
	- gzip 1.3.12-8 (medium; bug #507263)
CVE-2009-2623
	RESERVED
CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6 ...)
	- firebird2.0 2.0.5.13206-0.ds2-4 (low; bug #539477)
	[lenny] - firebird2.0 2.0.4.13130-1.ds1-4+lenny1
	- firebird2.1 2.1.2.18118-0.ds1-4 (low; bug #539478)
CVE-2009-2619 (SQL injection vulnerability in login.asp in DataCheck Solutions V-Spac ...)
	NOT-FOR-US: DataCheck Solutions V-SpacePal
CVE-2009-2618 (SQL injection vulnerability in the Surveys (aka NS-Polls) module in MD ...)
	NOT-FOR-US: MDPro module
CVE-2009-2617 (Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 al ...)
	NOT-FOR-US: BaoFeng Storm
CVE-2009-2616 (SQL injection vulnerability in z_admin_login.asp in DataCheck Solution ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2615 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solut ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2614 (SQL injection vulnerability in z_admin_login.asp in DataCheck Solution ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2613 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solut ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2612 (SQL injection vulnerability in login.aspx in ProSMDR allows remote att ...)
	NOT-FOR-US: ProSMDR
CVE-2009-2611 (Directory traversal vulnerability in infusions/last_seen_users_panel/l ...)
	NOT-FOR-US: MyFusion
CVE-2009-2610 (Cross-site scripting (XSS) vulnerability in the Links Related module i ...)
	NOT-FOR-US: Drupal module
CVE-2009-2609 (SQL injection vulnerability in the amoCourse (com_amocourse) component ...)
	NOT-FOR-US: Joomla! module
CVE-2009-2608 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2009-2607 (SQL injection vulnerability in the com_pinboard component for Joomla!  ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2606 (ASP Football Pool 2.3 stores sensitive information under the web root  ...)
	NOT-FOR-US: ASP Football Pool
CVE-2009-2605 (Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up ...)
	NOT-FOR-US: Traidnt up
CVE-2009-2604 (Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help D ...)
	NOT-FOR-US: Zen Help Desk
CVE-2009-2603 (Multiple SQL injection vulnerabilities in index.php in Escon SupportPo ...)
	NOT-FOR-US: Escon SupportPortal Pro
CVE-2009-2602 (R2 Newsletter Lite, Pro, and Stats stores sensitive information under  ...)
	NOT-FOR-US: R2 Newsletter Store
CVE-2009-2601 (SQL injection vulnerability in the Joomlaequipment (aka JUser or com_j ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2600 (Multiple directory traversal vulnerabilities in view.php in Webboard 2 ...)
	NOT-FOR-US: Webboard
CVE-2009-2599 (SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 al ...)
	NOT-FOR-US: RadCLASSIFIEDS
CVE-2009-2598 (Multiple SQL injection vulnerabilities in Online Grades & Attendan ...)
	NOT-FOR-US: Online Grades & Attendance
CVE-2009-2597 (The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for S ...)
	NOT-FOR-US: Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server
CVE-2009-2596 (Unspecified vulnerability in the Solaris Auditing subsystem in Sun Sol ...)
	NOT-FOR-US: Solaris Auditing subsystem
CVE-2009-2622 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote  ...)
	{DSA-1843-2 DSA-1843-1}
	- squid3 3.0.STABLE18-1 (medium; bug #538989)
	- squid <not-affected> (see NOTE)
	NOTE: squid 2.x not affected, according to
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
CVE-2009-2621 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not prope ...)
	{DSA-1843-2 DSA-1843-1}
	- squid3 3.0.STABLE18-1 (medium; bug #538989)
	- squid <not-affected> (see NOTE)
	NOTE: squid 2.x not affected, according to
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
CVE-2009-2595 (Cross-site scripting (XSS) vulnerability in productSearch.html in Cens ...)
	NOT-FOR-US: Censura
CVE-2009-2594 (Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.1 ...)
	NOT-FOR-US: Censura
CVE-2009-2593 (SQL injection vulnerability in censura.php in Censura 1.16.04 allows r ...)
	NOT-FOR-US: Censura
CVE-2009-2592 (SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6  ...)
	NOT-FOR-US: PHPJunkYard
CVE-2009-2591 (SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3. ...)
	NOT-FOR-US: MyAnnonces module for E-Xoopport
CVE-2009-2590 (SQL injection vulnerability in showcategory.php in Hutscripts PHP Webs ...)
	NOT-FOR-US: Hutscripts PHP
CVE-2009-2589 (Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP  ...)
	NOT-FOR-US: Hutscripts PHP
CVE-2009-2588 (Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type ...)
	NOT-FOR-US: Hotscripts Type PHP Clone Script
CVE-2009-2587 (Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart al ...)
	NOT-FOR-US: DragDropCart
CVE-2009-2586 (Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZ ...)
	NOT-FOR-US: EZArticles
CVE-2009-2585 (SQL injection vulnerability in index.php in Mlffat 2.2 allows remote a ...)
	NOT-FOR-US: Mlffat
CVE-2009-XXXX [nilfs-tools privilege escalation]
	- nilfs2-tools <not-affected> (We don't install this with setuid)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=505374
CVE-2009-XXXX [XSS in drupal 6 calendar field]
	- drupal6 <removed> (unimportant)
	NOTE: you need to be able to create new calendar items, e.g. administrative
	NOTE: access in order to exploit that
	NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069849.html
CVE-2009-2584 (Off-by-one error in the options_write function in drivers/misc/sgi-gru ...)
	- linux-2.6 2.6.31-2 (high)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 <not-affected> (vulnerable code not present)
	NOTE: exploit code exists
CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity Manag ...)
	NOT-FOR-US: IBM Tivoli
CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager  ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScr ...)
	NOT-FOR-US: EditeurScripts EsNews
CVE-2009-2580
	REJECTED
CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward po ...)
	NOT-FOR-US: CS-Cart
CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a d ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	NOTE: browser denial of services not considered security-relevant
CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Opera
CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote at ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers t ...)
	NOT-FOR-US: BlackBerry
CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...)
	NOT-FOR-US: MiniTwitter
CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when m ...)
	NOT-FOR-US: MiniTwitter
CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...)
	NOT-FOR-US: Drupal Module
CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ve ...)
	NOT-FOR-US: VerliAdmin
CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...)
	NOT-FOR-US: Symantec WinFax Pro
CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Contro ...)
	NOT-FOR-US: vhcp
CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0 ...)
	NOT-FOR-US: Sorinara Streaming Audio Player
CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) co ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30 ...)
	NOT-FOR-US: TFM MMPlayer
CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromu ...)
	NOT-FOR-US: Perl CGI's By Mrs. Shiromuku shiromuku
CVE-2009-2564 (NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6 ...)
	NOT-FOR-US: Adobe
CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0 ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.0.6 to 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.0.6 to 1.2.0)
CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 thro ...)
	{DSA-1942-1}
	- wireshark 1.2.1-1 (low; bug #538237)
	[lenny] - wireshark 1.0.2-3+lenny6
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 al ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.2.0)
CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote a ...)
	{DSA-1942-1}
	- wireshark 1.2.1-1 (bug #538237)
CVE-2009-2559 (Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.2.0)
CVE-2009-2558 (system/message.php in Admin News Tools 2.5 does not properly restrict  ...)
	NOT-FOR-US: Admin News Tools
CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...)
	NOT-FOR-US: Admin News Tools
CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage renderer  ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specific renderer issue)
CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1. ...)
	- chromium-browser <not-affected> (Only 1.x and 2.x are affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote at ...)
	{DSA-1848-1}
	- znc 0.074-1 (medium; bug #537977)
	NOTE: http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570
	NOTE: CVE id requested
CVE-2009-2554 (SQL injection vulnerability in the search method in jobline.class.php  ...)
	NOT-FOR-US: Joomla!
CVE-2009-2553 (Multiple SQL injection vulnerabilities in comments.php in Super Simple ...)
	NOT-FOR-US: Super Simple Blog Script
CVE-2009-2552 (Multiple directory traversal vulnerabilities in comments.php in Super  ...)
	NOT-FOR-US: Super Simple Blog Script
CVE-2009-2551 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy  ...)
	NOT-FOR-US: ScriptsEz Easy Image Downloader
CVE-2009-2550 (Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote ...)
	NOT-FOR-US: Hamster Audio Player
CVE-2009-2549 (Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed As ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2548 (Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earli ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2547 (Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and 1. ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2546 (Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2009-2545 (SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2009-2544 (Directory traversal vulnerability in the Marcelo Costa FileServer comp ...)
	NOT-FOR-US: Marcelo Costa FileServer
CVE-2009-2543 (Multiple unspecified vulnerabilities in the IBM Proventia engine 4.9.0 ...)
	NOT-FOR-US: IBM Proventia engine
CVE-2009-2542 (Netscape 6 and 8 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: Netscape 6 and 8
CVE-2009-2541 (The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attacker ...)
	NOT-FOR-US: Sony PLAYSTATION 3
CVE-2009-2540 (Opera, possibly 9.64 and earlier, allows remote attackers to cause a d ...)
	NOT-FOR-US: Opera
CVE-2009-2539 (The Aigo P8860 allows remote attackers to cause a denial of service (m ...)
	NOT-FOR-US: Aigo P8860
CVE-2009-2538 (The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet al ...)
	NOT-FOR-US: Nokia N95
CVE-2009-2537 (KDE Konqueror allows remote attackers to cause a denial of service (me ...)
	- kdebase <unfixed> (unimportant; bug #537931)
CVE-2009-2536 (Microsoft Internet Explorer 5 through 8 allows remote attackers to cau ...)
	NOT-FOR-US: Microsoft Internet Explorer 5
CVE-2009-2535 (Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and T ...)
	- iceweasel 3.0.5-1 (unimportant)
	[etch] - iceweasel 2.0.0.19-0etch1 (unimportant)
CVE-2009-2534 (RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow  ...)
	NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before 1 ...)
	NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold a ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handl ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed obj ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allow ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec ...)
	NOT-FOR-US: Microsoft Windows Media Runtime
CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local Secu ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-2523 (The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2522
	REJECTED
CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft Intern ...)
	NOT-FOR-US: Microsoft Internet Information Server
CVE-2009-2520
	REJECTED
CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote atta ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly hand ...)
	NOT-FOR-US: Microsoft Windows Server 2003
CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2514 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2513 (The Graphics Device Interface (GDI) in win32k.sys in the kernel in Mic ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2512 (The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2  ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2508 (The single sign-on implementation in Active Directory Federation Servi ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002  ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista S ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .N ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Win ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows  ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...)
	NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Me ...)
	NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX Contro ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
	- movabletype-opensource 4.2.6.1-1 (low; bug #537935)
	[lenny] - movabletype-opensource 4.2.3-1+lenny1
CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block implemen ...)
	- mediawiki 1:1.15.0-1.1 (low; bug #537634)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
	[etch] - mediawiki1.7 <not-affected> (vulnerable code introduced in 1.14.0)
	[lenny] - mediawiki <not-affected> (vulnerable code introduced in 1.14.0)
	NOTE: fixed in upstream 1.15.1
CVE-2009-XXXX [insecure tmp file vulnerability in slim]
	- slim <removed> (unimportant; bug #537604)
	NOTE: exploit scenario too constructed
	[lenny] - slim 1.3.0-1+lenny2
CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in modu ...)
	- vlc <not-affected> (The vulnerability affects Windows builds only)
CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attacke ...)
	- xulrunner 1.9.1.1-1
	[etch] - xulrunner <not-affected> (only affects firefox 3.5)
	[lenny] - xulrunner <not-affected> (only affects firefox 3.5)
CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of servi ...)
	- xulrunner <not-affected> (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 b ...)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK,  ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly  ...)
	- neon27 0.28.6-1 (low; bug #542926)
	[lenny] - neon27 <no-dsa> (Minor issue)
	- neon26 0.26.4-3 (low; bug #542926)
	[lenny] - neon26 <no-dsa> (Minor issue)
	- neon <removed> (low; bug #542926)
	[etch] - neon <no-dsa> (Minor issue)
	- gnome-vfs2 <removed>
	NOTE: affected neon code copy present in gnome-vfs2 [./imported/*]
	- litmus 0.13-1
	NOTE: affected neon code copy present in litmus [./libneon/*]
	NOTE: The new reintroduced litmus package removes the embedded copy
CVE-2009-2473 (neon before 0.28.6, when expat is used, does not properly detect recur ...)
	- neon27 <not-affected> (neon27 is compiled to use libxml2 instead of expat)
	- neon26 <not-affected> (neon26 is compiled to use libxml2 instead of expat)
	- neon <removed>
	[etch] - neon <not-affected> (neon is compiled to use libxml2 instead of expat)
CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrappe ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not prop ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote S ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element  ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2468 (Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3 ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
	NOTE: related issue to CVE-2009-1194
CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attac ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2466 (The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers t ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozil ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2463 (Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base6 ...)
	{DSA-2025-1 DSA-1931-1}
	- nspr 4.8.2-1
	- icedove 3.0~rc2-2
	[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird al ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2491 (The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solari ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2490 (Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Sof ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2489 (Unspecified vulnerability in the utdmsession program in Sun Ray Server ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2488 (Unspecified vulnerability in the NFSv4 module in the kernel in Sun Sol ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2487 (Use-after-free vulnerability in the frpr_icmp function in the ipfilter ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2486 (Unspecified vulnerability in the SCTP implementation in Sun Solaris 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2485 (Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attacker ...)
	NOT-FOR-US: HT-MP3Player
CVE-2009-2483 (libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local  ...)
	NOT-FOR-US: NetBSD
CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 befo ...)
	NOT-FOR-US: NetBSD OpenPAM
CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when global temp ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not secu ...)
	- mathtex 1.03-1 (low; bug #537253)
CVE-2009-2460 (Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when  ...)
	- mathtex 1.03-1 (medium; bug #537253)
	NOTE: severity set to medium as this is used in several web applications for conversions
CVE-2009-2459 (Multiple unspecified vulnerabilities in mimeTeX, when downloaded befor ...)
	{DSA-1917-1}
	- mimetex 1.50-1.1 (medium; bug #537254)
	NOTE: set impact to medium as this is used in several web applications for conversions
CVE-2009-2458 (Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100  ...)
	NOT-FOR-US: Sun Fire V215 Server
CVE-2009-2457 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remot ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-2456 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remot ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-2455 (Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin. ...)
	NOT-FOR-US: @mail
CVE-2009-2454 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6,  ...)
	NOT-FOR-US: Citrix Web Interface
CVE-2009-2453 (Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3  ...)
	NOT-FOR-US: Citrix XenApp
CVE-2009-2452 (Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unk ...)
	NOT-FOR-US: Citrix Licensing
CVE-2009-2451 (Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2 ...)
	NOT-FOR-US: MIM:InfiniX
CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...)
	- xulrunner 1.9.1.2-1 (bug #537104)
	[lenny] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
	[etch] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Arm ...)
	NOT-FOR-US: Tall Emu Online Armor Personal Firewall
CVE-2009-2449 (Directory traversal vulnerability in maillinglist/admin/change_config. ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-2448 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Gue ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2447 (Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2445 (Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun  ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2009-2444 (Directory traversal vulnerability in maillinglist/setup/step1.php.inc  ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-2443 (Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to  ...)
	NOT-FOR-US: Siteframe
CVE-2009-2442 (Cross-site scripting (XSS) vulnerability in public/index.php in Linea2 ...)
	NOT-FOR-US: Linea21
CVE-2009-2441 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Gue ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2440 (Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook ...)
	NOT-FOR-US: JNM Guestbook
CVE-2009-2439 (Multiple SQL injection vulnerabilities in Web Development House Alibab ...)
	NOT-FOR-US: Web Development House Alibaba
CVE-2009-2438 (Cross-site scripting (XSS) vulnerability in index.php in the search mo ...)
	NOT-FOR-US: ClanSphere
CVE-2009-2437 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Re ...)
	NOT-FOR-US: MyPHPDating
CVE-2009-2436 (SQL injection vulnerability in page.php in Online Dating Software MyPH ...)
	NOT-FOR-US: MyPHPDating
CVE-2009-2435 (The Sametime server in IBM Lotus Instant Messaging and Web Conferencin ...)
	NOT-FOR-US: IBM Lotus
CVE-2009-2434 (Buffer overflow in the syscall implementation in IBM AIX 5.3 allows lo ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in Microsoft Int ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers to obta ...)
	- wordpress 2.8.3-1 (unimportant; bug #537146)
	NOTE: Installation path is a known fact on a Debian package installation
CVE-2009-2431 (WordPress 2.7.1 places the username of a post's author in an HTML comm ...)
	- wordpress 2.8.3-1 (unimportant; bug #537146)
	NOTE: Minor information leak
CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and  ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2429 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in c ...)
	NOT-FOR-US: SmartFilter Web Gateway Security
CVE-2009-2428 (Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow ...)
	NOT-FOR-US: Tausch Ticket Script
CVE-2009-2427 (SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows re ...)
	NOT-FOR-US: Jobbr
CVE-2009-2426 (The connection_edge_process_relay_cell_not_open function in src/or/rel ...)
	- tor 0.2.0.35-1 (low; bug #537148)
	[lenny] - tor 0.2.0.35-1~lenny1
CVE-2009-2425 (Tor before 0.2.0.35 allows remote attackers to cause a denial of servi ...)
	- tor 0.2.0.35-1 (low; bug #537148)
	[lenny] - tor 0.2.0.35-1~lenny1
CVE-2009-2424 (Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2 ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009 allows  ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2422 (The example code for the digest authentication functionality (http_aut ...)
	- rails 2.3.5-1 (bug #535896)
	[lenny] - rails <not-affected> (vulnerable code not present, introduced in 2.3.x)
CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command functio ...)
	{DSA-1877-1}
	- mysql-dfsg-5.0 <removed> (low; bug #536726)
	[squeeze] - mysql-dfsg-5.0 5.0.51a-24+lenny2
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
	- libio-socket-ssl-perl 1.26-1 (low; bug #535946)
	[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
	NOTE: hostname validation is not implemented until 1.14, so etch
	NOTE: in a way is not affected, but in another sense, it is
	NOTE: completely affected since no validation is done at all
CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in App ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol hand ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in W ...)
	- webkit 1.1.10-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2009-2418
	REJECTED
CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is u ...)
	{DSA-1869-1}
	- curl 7.19.5-1.1 (medium; bug #541991)
CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6 ...)
	{DSA-1861-1 DSA-1859-1}
	- libxml2 2.7.3.dfsg-2.1 (low; bug #540865)
	- libxml <removed>
CVE-2009-2415 (Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote  ...)
	{DSA-1853-1}
	- memcached 1.4.1-1 (medium; bug #540379)
	- memcachedb 1.2.0-5 (medium; bug #540381)
	NOTE: the impact varies, on etch this runs as root and is not bound
	NOTE: to the loopback interface by default, memcached is even distributed
	NOTE: but fortunately not in a stable release.
CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6 ...)
	{DSA-1861-1 DSA-1859-1}
	- libxml2 2.7.3.dfsg-2.1 (medium; bug #540865)
	- libxml <removed>
CVE-2009-2413
	REJECTED
CVE-2009-2412 (Multiple integer overflows in the Apache Portable Runtime (APR) librar ...)
	{DSA-1854-1}
	- apr 1.3.8-1
	- apr-util 1.3.9+dfsg-1
CVE-2009-2411 (Multiple integer overflows in the libsvn_delta library in Subversion b ...)
	{DSA-1855-1}
	- subversion 1.6.4dfsg-1
CVE-2009-2410 (The local_handler_callback function in server/responder/pam/pam_LOCAL_ ...)
	- sssd <not-affected> (Fixed before initial upload to the archive)
CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as used in  ...)
	{DSA-1935-1 DSA-1888-1 DSA-1874-1}
	- nss 3.12.3-1 (low; bug #539895)
	- openssl 0.9.8k-4 (low; bug #539899)
	[etch] - openssl 0.9.8c-4etch8
	- gnutls26 2.4.2-5 (low; bug #539901)
	- openjdk-6 6b17~pre3-1 (low)
	- gnutls13 <removed>
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in fs/ec ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-5 (medium)
	[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
	- linux-2.6.24 <removed>
CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in fs/ ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-5 (medium)
	[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
	- linux-2.6.24 <removed>
CVE-2009-2405 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Console ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla N ...)
	{DSA-2025-1 DSA-1874-1}
	- nss 3.12.3-1 (low; bug #539934)
	- icedove 2.0.0.24-1 (low)
CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to c ...)
	NOT-FOR-US: SCMPX
CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in PHPEch ...)
	NOT-FOR-US: PHPEcho
CVE-2009-2401 (Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows ...)
	NOT-FOR-US: PHPEcho
CVE-2009-2400 (SQL injection vulnerability in the PHP (com_php) component for Joomla! ...)
	NOT-FOR-US: Joomla!
CVE-2009-2399 (PHP remote file inclusion vulnerability in dm-albums/template/album.ph ...)
	NOT-FOR-US: DM FileManager
CVE-2009-2398 (Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80  ...)
	NOT-FOR-US: PHP-Sugar
CVE-2009-2397 (Directory traversal vulnerability in download.php in Audio Article Dir ...)
	NOT-FOR-US: Audio Article Directory
CVE-2009-2396 (PHP remote file inclusion vulnerability in template/album.php in DM Al ...)
	NOT-FOR-US: DM Albums
CVE-2009-2395 (SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta an ...)
	NOT-FOR-US: Joomla!
CVE-2009-2394 (SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Ara ...)
	NOT-FOR-US: SMSPages
CVE-2009-2393 (admin/index.php in Virtuenetz Virtue Online Test Generator does not re ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2392 (SQL injection vulnerability in text.php in Virtuenetz Virtue Online Te ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2391 (Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Vir ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2390 (SQL injection vulnerability in the BookFlip (com_bookflip) component 2 ...)
	NOT-FOR-US: Joomla!
CVE-2009-2389 (Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NE ...)
	NOT-FOR-US: USOLVED NEWSolved
CVE-2009-2388 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows rem ...)
	NOT-FOR-US: Opial
CVE-2009-2387 (Unspecified vulnerability in the proc filesystem in Sun OpenSolaris sn ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-2386 (Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer pl ...)
	NOT-FOR-US: Awingsoft Awakening Winds3D Viewer plugin
CVE-2009-2369 (Integer overflow in the wxImage::Create function in src/common/image.c ...)
	{DSA-1890-1}
	- wxwidgets2.8 2.8.7.1-2 (medium; bug #537174)
	- wxwidgets2.6 2.6.3.2.2-3.1 (medium; bug #537175)
	- wxwindows2.4 <removed> (medium)
CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in the Pas ...)
	{DSA-1829-1}
	- sork-passwd-h3 3.1-1.1 (low; bug #536554)
CVE-2009-2385 (SQL injection vulnerability in the awardsMembers function in Sources/P ...)
	NOT-FOR-US: Member Awards component for Simple Machines Forum
CVE-2009-2384 (Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assi ...)
	NOT-FOR-US: Brothersoft PEamp
CVE-2009-2383 (SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites ...)
	NOT-FOR-US: Related Sites plugin for WordPress
CVE-2009-2382 (admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to byp ...)
	NOT-FOR-US: phpMyBlockchecker
CVE-2009-2381 (Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, wh ...)
	NOT-FOR-US: Gizmo
CVE-2009-2380 (Cross-site scripting (XSS) vulnerability in includes/functions.php in  ...)
	NOT-FOR-US: 4images
CVE-2009-2379 (Directory traversal vulnerability in public/index.php in BIGACE Web CM ...)
	NOT-FOR-US: BIGACE Web CMS
CVE-2009-2378 (PHP remote file inclusion vulnerability in formmailer.admin.inc.php in ...)
	NOT-FOR-US: Jax FormMailer
CVE-2009-2377 (Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in ...)
	NOT-FOR-US: AVAX-software Avax Vector ActiveX
CVE-2009-2376 (Cross-site scripting (XSS) vulnerability in the Html::textarea functio ...)
	NOT-FOR-US: TangoCMS
CVE-2009-2375 (Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earl ...)
	NOT-FOR-US: Photo DVD Maker
CVE-2009-2371 (Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not preve ...)
	NOT-FOR-US: Advanced Forum module for Drupal
CVE-2009-2370 (Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before  ...)
	NOT-FOR-US: Advanced Forum module for Drupal
CVE-2009-2368 (Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown ...)
	NOT-FOR-US: Socks Server
CVE-2009-2367 (cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable ses ...)
	NOT-FOR-US: Iomega StorCenter Pro
CVE-2009-2366 (SQL injection vulnerability in login.asp in DataCheck Solutions ForumP ...)
	NOT-FOR-US: DataCheck Solutions ForumPal FE
CVE-2009-2365 (SQL injection vulnerability in login.asp in DataCheck Solutions Galler ...)
	NOT-FOR-US: DataCheck Solutions GalleryPal FE
CVE-2009-2364 (Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers t ...)
	NOT-FOR-US: Mp3-Nator
CVE-2009-2363 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remo ...)
	NOT-FOR-US: KUDRSOFT AudioPLUS
CVE-2009-2362 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows rem ...)
	NOT-FOR-US: KUDRSOFT AudioPLUS
CVE-2009-2361 (SQL injection vulnerability in include/class.staff.php in osTicket bef ...)
	NOT-FOR-US: osTicket
CVE-2009-2359 (Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context- ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2358 (TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini f ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2357 (The default configuration of TekRADIUS 3.0 uses the sa account to comm ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2356 (Multiple stack-based buffer overflows in the pgsqlQuery function in Nu ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2355 (The forum module in NullLogic Groupware 1.2.7 allows remote authentica ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2354 (SQL injection vulnerability in the auth_checkpass function in the logi ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute arbitra ...)
	- eaccelerator-src <itp> (bug #460341)
CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs i ...)
	- chromium-browser 5.0.375.70~r48679-2
	- webkit <not-affected> (doesn't have a 'view-source' handler)
	NOTE: poc didn't seem to work against 5.0.375.70~r48679-2
	NOTE: chromium security team doesn't consider this a valid security issue
	NOTE: http://crbug.com/40086
CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh head ...)
	NOT-FOR-US: Opera
CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block j ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2349
	RESERVED
CVE-2009-2348 (Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permis ...)
	NOT-FOR-US: Android
CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in l ...)
	{DSA-1835-1}
	- tiff 3.8.2-13
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before  ...)
	- asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Intrusive protocol-level vulnerability, see http://downloads.asterisk.org/pub/security/IAX2-security.pdf)
CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 a ...)
	NOT-FOR-US: ClanSphere
CVE-2009-2344 (The web-based management interfaces in Sourcefire Defense Center (DC)  ...)
	NOT-FOR-US: Sourcefire
CVE-2009-2342 (Cross-site scripting (XSS) vulnerability in admin.php (aka the login p ...)
	NOT-FOR-US: CMME
CVE-2009-2341 (SQL injection vulnerability in albumdetail.php in Opial 1.0 allows rem ...)
	NOT-FOR-US: Opial
CVE-2009-2340 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows rem ...)
	NOT-FOR-US: Opial
CVE-2009-2339 (SQL injection vulnerability in index.php in Rentventory allows remote  ...)
	NOT-FOR-US: Rentventory
CVE-2009-2338 (Directory traversal vulnerability in includes/startmodules.inc.php in  ...)
	NOT-FOR-US: FreeWebshop.org
CVE-2009-2337 (SQL injection vulnerability in includes/module/book/index.inc.php in w ...)
	NOT-FOR-US: w3b|cms
CVE-2009-2336 (The forgotten mail interface in WordPress and WordPress MU before 2.8. ...)
	- wordpress 2.8.3-1 (unimportant; bug #536724)
	NOTE: Minor information leak
CVE-2009-2335 (WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...)
	- wordpress 2.8.3-1 (unimportant; bug #536724)
	NOTE: Minor information leak
CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #536724)
CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ea ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2331 (Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and  ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2330 (Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CM ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2329 (KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensi ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2328 (admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2327 (Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2326 (Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earli ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 all ...)
	NOT-FOR-US: Clicknet CMS
CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor befor ...)
	{DSA-1836-1}
	- fckeditor 1:2.6.4.1-1 (low; bug #536051)
	- moin 1.8.2-2
	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
	[lenny] - moin <no-dsa> (unimportant; provides FCKeditor as example files in /usr/share/doc, but not executable in general case)
	[etch] - moin <not-affected> (doesn't provide FCKeditor sample files)
	- knowledgeroot 0.9.8.5-3
	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
	[etch] - knowledgeroot <not-affected> (doesn't provide FCKeditor sample files)
	- karrigell <removed>
	[etch] - karrigell <not-affected> (doesn't provide FCKeditor sample files)
	- gforge 4.6.99+svn6225-1
	[etch] - gforge <not-affected> (doesn't contain FCKeditor)
	- egroupware <not-affected> (doesn't provide FCKeditor sample files)
	- request-tracker3.8 <not-affected> (doesn't provide FCKeditor sample files)
CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the  ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2321 (cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2320 (The web interface on the Axesstel MV 410R relies on client-side JavaSc ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2319 (The default configuration of the Wi-Fi component on the Axesstel MV 41 ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2318 (The Axesstel MV 410R allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2317 (The Axesstel MV 410R has a certain default administrator password, and ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2316 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Iden ...)
	NOT-FOR-US: IBM Tivoli
CVE-2009-2315
	REJECTED
CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...)
	NOT-FOR-US: Lightweight Availability Collection Tool
CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 al ...)
	{DSA-1940-1}
	- php5 5.2.10.dfsg.1-2 (low; bug #535888)
	- php4 <removed> (low; bug #535897)
	NOTE: 5.3.0 (in experimental) is not affected
CVE-2009-XXXX [apache2: htaccess override]
	- apache2 2.2.9-1 (low; bug #535886)
	[etch] - apache2 2.2.3-4+etch8
	NOTE: fixed in etch in DSA-1816-1
CVE-2009-XXXX [xscreensaver: symlink attack enables local information disclosure]
	- xscreensaver <not-affected> (does not run setuid in debian)
	NOTE: http://bugs.debian.org/535870
CVE-2009-XXXX [libdkim: signature parsing is not thread-safe]
	- libdkim 1:1.0.19-4 (unimportant; bug #532740)
	NOTE: This is mostly a missing feature, it's unlikely that any threaded application
	NOTE: is using libdkim in the current state, so the practical impact is none
CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input]
	- mimedecode <removed> (low; bug #530430)
	[etch] - mimedecode <no-dsa> (minor issue)
	[lenny] - mimedecode <no-dsa> (minor issue)
CVE-2009-2313 (Directory traversal vulnerability in index.php in Jinzora Media Jukebo ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2009-2312 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in c ...)
	NOT-FOR-US: Secure Computing SmartFilter
CVE-2009-2311 (SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab B ...)
	NOT-FOR-US: rGallery plugin for WoltLab
CVE-2009-2310 (SQL injection vulnerability in include/get_read.php in Extensible-BioL ...)
	NOT-FOR-US: Extensible-BioLawCom CMS
CVE-2009-2309 (SQL injection vulnerability in index.php in Codice CMS 2 allows remote ...)
	NOT-FOR-US: Codice CMS 2
CVE-2009-2308 (Multiple SQL injection vulnerabilities in affiliates.php in the Affili ...)
	NOT-FOR-US: PunBB
CVE-2009-2307 (SQL injection vulnerability in the CWGuestBook module 2.1 and earlier  ...)
	NOT-FOR-US: MDPro
CVE-2009-2306 (The ARD-9808 DVR card security camera stores sensitive information und ...)
	NOT-FOR-US: ARD-9808 DVR card security camera
CVE-2009-2305 (The ARD-9808 DVR card security camera allows remote attackers to cause ...)
	NOT-FOR-US: ARD-9808 DVR card security camera
CVE-2009-2304 (index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote att ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2303 (index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote att ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2302 (Cross-site scripting (XSS) vulnerability in index.php in Aardvark Tops ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2301 (The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gatew ...)
	NOT-FOR-US: AppWall Web Application Firewall
CVE-2009-2300 (The management interface in the phion airlock Web Application Firewall ...)
	NOT-FOR-US: phion airlock Web Application Firewall
CVE-2009-2299 (The Artofdefence Hyperguard Web Application Firewall (WAF) module befo ...)
	NOT-FOR-US: Artofdefence Hyperguard Web Application Firewall
CVE-2009-2298 (Stack-based buffer overflow in rping in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP Network Node Manager rping
CVE-2009-2297 (Unspecified vulnerability in the udp subsystem in the kernel in Sun So ...)
	NOT-FOR-US: kernel in Sun Solaris
CVE-2009-2296 (The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris befo ...)
	NOT-FOR-US: kernel module in Sun Solaris
CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow c ...)
	{DSA-1912-2 DSA-1832-1}
	- camlimages 1:3.0.1-2 (low; bug #535909)
	- advi 1.6.0-15 (low; bug #550440)
CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 an ...)
	- dillo 3.0-1 (medium; bug #535788)
CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote atta ...)
	NOT-FOR-US: Optimum Web Design Tutorial Share
CVE-2009-2292 (Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allow ...)
	NOT-FOR-US: Appleple a-News
CVE-2009-2291 (Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a m ...)
	NOT-FOR-US: LoginToboggan module for Drupal
CVE-2009-2290 (SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) c ...)
	NOT-FOR-US: Joomla!
CVE-2009-2289 (Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade  ...)
	NOT-FOR-US: Arcade Trade Script
CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel  ...)
	{DSA-1846-1 DSA-1845-1}
	- linux-2.6 2.6.30-2 (low)
	- linux-2.6.24 <removed>
	- kvm 88+dfsg-2 (low; bug #557737)
CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allo ...)
	{DSA-1835-1}
	- tiff 3.8.2-12 (low; bug #534137)
	- tiff3 <not-affected> (fixed prior to initial upload)
	NOTE: this doesn't allow code execution, only a crash.
CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp sc ...)
	NOT-FOR-US: Sun Java Web Console in Solaris
CVE-2009-2282 (The Virtual Network Terminal Server daemon (vntsd) for Logical Domains ...)
	NOT-FOR-US: LDoms in Sun Solaris
CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (low; bug #535435)
	- drupal5 <not-affected> (Vulnerable code not present)
	NOTE: http://drupal.org/node/507572
	NOTE: requested CVE id
CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user sign ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (medium; bug #535435)
	- drupal5 <not-affected> (Vulnerable code not present)
	NOTE: http://drupal.org/node/507572
	NOTE: marked as medium as this might lead to code execution if the php filter is enabled
	NOTE: requested CVE id
CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize  ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (low; bug #535435)
	- drupal5 5.18-1.1 (low; bug #535476)
	NOTE: http://drupal.org/node/507572
	NOTE: requested CVE id
CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1  ...)
	- phpmyadmin 4:3.2.0.1-1 (medium; bug #535890)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: affects 3.x branch only
CVE-2009-2280
	RESERVED
CVE-2009-2279
	RESERVED
CVE-2009-2278
	RESERVED
CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Virtua ...)
	NOT-FOR-US: VMware
CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us extens ...)
	NOT-FOR-US: voteforus.php extension for PunBB
CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html  ...)
	NOT-FOR-US: cPanel
CVE-2009-2274 (The Huawei D100 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2273 (The default configuration of the Wi-Fi component on the Huawei D100 do ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2272 (The Huawei D100 stores the administrator's account name and password i ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2271 (The Huawei D100 has (1) a certain default administrator password for t ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2270 (Unrestricted file upload vulnerability in member/uploads_edit.php in d ...)
	NOT-FOR-US: dedecms
CVE-2009-2269 (SQL injection vulnerability in Empire CMS 5.1 allows remote attackers  ...)
	NOT-FOR-US: Empire CMS
CVE-2009-2268 (Cross-site scripting (XSS) vulnerability in the Cross-Domain Controlle ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2267 (VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5. ...)
	- vmware-package <removed>
CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote attacker ...)
	NOT-FOR-US: OXID eShop
CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in  ...)
	{DSA-1914-1}
	- mapserver 5.4.2-1 (medium; bug #535340)
	NOTE: https://www.openwall.com/lists/oss-security/2009/06/22/2
CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4 ...)
	{DSA-1836-1}
	- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
	NOTE: http://dev.fckeditor.net/changeset/3815/FCKeditor/trunk/editor/filemanager
	- moin 1.8.2-2
	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
	[lenny] - moin <unfixed> (unimportant)
	[etch] - moin <not-affected> (Vulnerable code not present)
	NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc)
	- request-tracker3.8 <not-affected> (Vulnerable code not present)
	- egroupware 1.6.002+dfsg-1 (low)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
	- gforge 4.6.99+svn6225-1
	[etch] - gforge <not-affected> (doesn't contain FCKeditor)
	- knowledgeroot 0.9.8.5-3 (medium; bug #538722)
	- karrigell <removed>
	[etch] - karrigell <not-affected> (Vulnerable code not present)
	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
CVE-2009-2264
	RESERVED
CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega Fil ...)
	NOT-FOR-US: Mega File Manager
CVE-2009-2262 (PHP remote file inclusion vulnerability in install/di.php in AjaxPorta ...)
	NOT-FOR-US: AjaxPortal
CVE-2009-2261 (PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remot ...)
	NOT-FOR-US: PeaZIP
CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the contents ...)
	- stardict 3.0.1-5 (low; bug #534731)
	[etch] - stardict <not-affected> (netdict plugin not yet present)
	[lenny] - stardict 3.0.1-4+lenny1
CVE-2009-2259
	REJECTED
CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the administrati ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware 3. ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2256 (The administrative web interface on the Netgear DG632 with firmware 3. ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2255 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative au ...)
	NOT-FOR-US: Zen Cart
CVE-2009-2254 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative au ...)
	NOT-FOR-US: Zen Cart
CVE-2009-2253
	RESERVED
CVE-2009-2252
	RESERVED
CVE-2009-2251
	RESERVED
CVE-2009-2250
	RESERVED
CVE-2009-2249
	RESERVED
CVE-2009-2248
	RESERVED
CVE-2009-2247
	RESERVED
CVE-2009-2246
	RESERVED
CVE-2009-2245
	RESERVED
CVE-2009-2244
	RESERVED
CVE-2009-2243 (SQL injection vulnerability in active_appointments.asp in ASP Inline C ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2242 (SQL injection vulnerability in active_appointments.asp in ASP Inline C ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2241 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline C ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2240 (Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka  ...)
	NOT-FOR-US: Web Conference Room Free
CVE-2009-2239 (SQL injection vulnerability in the (1) casinobase (com_casinobase), (2 ...)
	NOT-FOR-US: Joomla! components
CVE-2009-2238 (Unrestricted file upload vulnerability in includes/shared_scripts/wysi ...)
	NOT-FOR-US: DMXReady Registration Manager
CVE-2009-2237 (Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x- ...)
	NOT-FOR-US: contributed Views Bulk Operations module for Drupal
CVE-2009-2236 (SQL injection vulnerability in yad-admin/login.php in Your Article Dir ...)
	NOT-FOR-US: Your Articles Directory
CVE-2009-2235 (SQL injection vulnerability in page.php in Your Articles Directory all ...)
	NOT-FOR-US: Your Articles Directory
CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call C ...)
	NOT-FOR-US: VICIDIAL Call Center Suite
CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow  ...)
	{DSA-1830-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceape 1.1.17-1
	[squeeze] - iceape <not-affected> (only provides a stub for XPCOM)
	[lenny] - iceape <not-affected> (Only provides a stub for XPCOM)
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <not-affected> (mail suite not compiled)
	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-33.html
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495057
CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph before  ...)
	- zoph 0.7.5-1 (low; bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
CVE-2009-XXXX [udev: creates aacraid devices that are rw by group floppy]
	- udev 0.141-1 (low; bug #530245; bug #462655; bug #404927)
	[lenny] - udev <no-dsa> (Minor issue)
	[etch] - udev <no-dsa> (minor issue)
CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execut ...)
	{DSA-1825-1}
	- nagios3 3.0.6-5
	- nagios2 <removed>
	NOTE: http://secunia.com/advisories/35543
CVE-2009-2286 (Buffer overflow in compface 1.5.2 and earlier allows user-assisted att ...)
	- libcompface 1:1.5.2-5 (unimportant; bug #534973)
CVE-2009-2233 (The admin interface in AWScripts.com Gallery Search Engine 1.5 allows  ...)
	NOT-FOR-US: AWScripts.com Gallery Search Engine
CVE-2009-2232 (SQL injection vulnerability in image.php in Softbiz Banner Ad Manageme ...)
	NOT-FOR-US: Softbiz Banner Ad Management Script
CVE-2009-2231 (MIDAS 1.43 allows remote attackers to bypass authentication and obtain ...)
	NOT-FOR-US: MIDAS
CVE-2009-2230 (SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka  ...)
	NOT-FOR-US: MyBB
CVE-2009-2229 (Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5  ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-2228 (Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-2227 (Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.2 ...)
	NOT-FOR-US: Bopup Communication Server
CVE-2009-2226 (Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/1 ...)
	NOT-FOR-US: Let's PHP! Tree BBS
CVE-2009-2225 (Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial  ...)
	NOT-FOR-US: SureThing CD/DVD Labeler
CVE-2009-2224 (Directory traversal vulnerability in ang/shared/flags.php in AN Guestb ...)
	NOT-FOR-US: AN Guestbook
CVE-2009-2223 (Directory traversal vulnerability in locms/smarty.php in LightOpenCMS  ...)
	NOT-FOR-US: LightOpenCMS
CVE-2009-2222 (Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier allow ...)
	NOT-FOR-US: PHP-I-BOARD
CVE-2009-2221 (Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlie ...)
	NOT-FOR-US: PHP-I-BOARD
CVE-2009-2220 (Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, wh ...)
	NOT-FOR-US: Tribiq CMS
CVE-2009-2219 (Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExcha ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2218 (Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchan ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2217 (Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows r ...)
	NOT-FOR-US: NBBC
CVE-2009-2216 (Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmi ...)
	NOT-FOR-US: DirectAdmin
CVE-2009-2215 (Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6. ...)
	NOT-FOR-US: URD
CVE-2009-2214 (The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier al ...)
	NOT-FOR-US: Citrix Secure Gateway
CVE-2009-2213 (The default configuration of the Security global settings on the Citri ...)
	NOT-FOR-US: Citrix NetScaler Access Gateway
CVE-2009-2212 (The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-2211 (Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Ra ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-2209 (SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 al ...)
	NOT-FOR-US: RS-CMS
CVE-2009-2208 (FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the SIO ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-2
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
	NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
CVE-2009-2207 (The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone  ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2206 (Multiple heap-based buffer overflows in the AudioCodecs library in the ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in  ...)
	NOT-FOR-US: Mac OS X
CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple iPho ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2203 (Buffer overflow in Apple QuickTime before 7.6.4 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2201 (The screensharing feature in the Admin application in Apple Xsan befor ...)
	NOT-FOR-US: Admin application in Apple Xsan
CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...)
	- kdelibs <not-affected>
	- webkit <not-affected> (gtk-based frame loader not affected)
	- qt4-x11 <not-affected>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
	NOTE: http://trac.webkit.org/changeset/44905
	NOTE: http://trac.webkit.org/changeset/44909
CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before 4. ...)
	- kdelibs <not-affected>
	- webkit <not-affected> (problem with look-alike character rendering with mac-specific fonts)
	- qt4-x11 <not-affected>
CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies  ...)
	NOT-FOR-US: Apple GarageBand
CVE-2009-2197 (Apple Safari before 9.1 allows remote attackers to spoof the user inte ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote a ...)
	- webkit 1.1.12-1 (medium)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 <not-affected>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
	NOTE: http://trac.webkit.org/changeset/45696
CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file descrip ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 all ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2009-2192 (MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete ...)
	NOT-FOR-US: MobileMe in Apple Mac OS X
CVE-2009-2191 (Format string vulnerability in Login Window in Apple Mac OS X 10.4.11  ...)
	NOT-FOR-US: Login Window in Apple Mac OS X
CVE-2009-2190 (launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers t ...)
	NOT-FOR-US: launchd in Apple Mac OS X
CVE-2009-2189 (The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme B ...)
	NOT-FOR-US: Apple
CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and S ...)
	NOT-FOR-US: ImageIO in Apple Mac OS X
CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementat ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongsw ...)
	{DSA-1899-1 DSA-1898-1}
	- strongswan 4.2.14-1.2 (bug #533837)
	- openswan 1:2.6.22+dfsg-1
CVE-2009-2184 (Absolute path traversal vulnerability in forcedownload.php in Gravy Me ...)
	NOT-FOR-US: Gravy Media Photo
CVE-2009-2183 (Directory traversal vulnerability in admin-files/ad.php in Campsite 3. ...)
	NOT-FOR-US: Campsite
CVE-2009-2182 (Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 R ...)
	NOT-FOR-US: Campsite
CVE-2009-2181 (Cross-site scripting (XSS) vulnerability in admin-files/templates/list ...)
	NOT-FOR-US: Campsite
CVE-2009-2180 (Multiple directory traversal vulnerabilities in upfiles/index.php in P ...)
	NOT-FOR-US: Pc4 Uploader
CVE-2009-2179 (SQL injection vulnerability in search.php in phpDatingClub 3.7 allows  ...)
	NOT-FOR-US: phpDatingClub
CVE-2009-2178 (Cross-site scripting (XSS) vulnerability in website.php in phpDatingCl ...)
	NOT-FOR-US: phpDatingClub
CVE-2009-2177 (code/display.php in fuzzylime (cms) 3.03a and earlier, when magic_quot ...)
	NOT-FOR-US: fuzzylime
CVE-2009-2176 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a  ...)
	NOT-FOR-US: fuzzylime
CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in fl ...)
	- gnome-xcf-thumbnailer 1.0-1.1 (low; bug #601735)
	[lenny] - gnome-xcf-thumbnailer <no-dsa> (Minor issue)
	- xcftools 1.0.7-1 (low; bug #533361)
	[etch] - xcftools 1.0.4-1+etch1
	[lenny] - xcftools 1.0.4-1+lenny1
CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service (cra ...)
	- gupnp 0.12.6-3.1 (low; bug #534594)
	[etch] - gupnp <no-dsa> (Minor issue)
	[lenny] - gupnp <no-dsa> (Minor issue)
CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...)
	NOT-FOR-US: Carom3D
CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in th ...)
	NOT-FOR-US: Radio and TV Player addon for vBulletin
CVE-2009-2169 (Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX ...)
	NOT-FOR-US: Edraw PDF Viewer
CVE-2009-2168 (cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a ...)
	NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
CVE-2009-2167 (Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus  ...)
	NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
CVE-2009-2166 (Absolute path traversal vulnerability in cvs.php in OCS Inventory NG b ...)
	- ocsinventory-server 1.02.1-1 (unimportant; bug #531735)
	NOTE: README.Debian states Important: access to the reports server should be restricted
CVE-2009-2165 (SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.0 ...)
	NOT-FOR-US: SerendipityNZ (aka SimpleBoxes) Serene Bach
CVE-2009-2164 (Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, w ...)
	NOT-FOR-US: kjtechforce
CVE-2009-2163 (Cross-site scripting (XSS) vulnerability in login/default.aspx in Site ...)
	NOT-FOR-US: Sitecore CMS
CVE-2009-2162 (Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiM ...)
	NOT-FOR-US: XOOPS MANIAC PukiWikiMod module
CVE-2009-2161 (Directory traversal vulnerability in backend/admin-functions.php in To ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2160 (TorrentTrader Classic 1.09 allows remote attackers to (1) obtain confi ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2159 (backup-database.php in TorrentTrader Classic 1.09 does not require adm ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2158 (account-recover.php in TorrentTrader Classic 1.09 chooses random passw ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2157 (Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 a ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2156 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader C ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2155 (Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do ...)
	NOT-FOR-US: WebNMS
CVE-2009-2154 (SQL injection vulnerability in admin/login.php in Impleo Music Collect ...)
	NOT-FOR-US: Impleo Music Collection
CVE-2009-2153 (Cross-site scripting (XSS) vulnerability in index.php in Impleo Music  ...)
	NOT-FOR-US: Impleo Music Collection
CVE-2009-2152 (SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows re ...)
	NOT-FOR-US: AdaptWeb
CVE-2009-2151 (Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allow ...)
	NOT-FOR-US: AdaptWeb
CVE-2009-2150 (Multiple cross-site request forgery (CSRF) vulnerabilities in Campus V ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2149 (Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual- ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2148 (SQL injection vulnerability in news/index.php in Campus Virtual-LMS al ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2147 (SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and ear ...)
	NOT-FOR-US: phpWebThings
CVE-2009-2146 (Unrestricted file upload vulnerability in the Compose Email feature in ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2009-2145 (Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 ...)
	NOT-FOR-US: transLucid
CVE-2009-2144 (SQL injection vulnerability in the FireStats plugin before 1.6.2-stabl ...)
	NOT-FOR-US: FireStats plugin for WordPress
CVE-2009-2143 (PHP remote file inclusion vulnerability in firestats-wordpress.php in  ...)
	NOT-FOR-US: FireStats plugin for WordPress
CVE-2009-2142 (Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store ...)
	NOT-FOR-US: Zip Store Chat
CVE-2009-2141 (Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01 ...)
	NOT-FOR-US: TBDev.NET
CVE-2009-2140 (Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/e ...)
	- openoffice.org <not-affected> (bug introduced by a patch not applied to the deb)
CVE-2009-2139 (Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow rem ...)
	NOT-FOR-US: TBDev.NET
CVE-2009-2137 (Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n ...)
	NOT-FOR-US: Ultra-SPARC T2 crypto provider device driver in Sun Solaris 10
CVE-2009-2136 (Unspecified vulnerability in the TCP/IP networking stack in Sun Solari ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-2135 (Multiple race conditions in the Solaris Event Port API in Sun Solaris  ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-2134 (pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obt ...)
	NOT-FOR-US: Pivot
CVE-2009-2133 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 an ...)
	NOT-FOR-US: Pivot
CVE-2009-2132 (Directory traversal vulnerability in global.php in 4images before 1.7. ...)
	NOT-FOR-US: 4images
CVE-2009-2131 (Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier  ...)
	NOT-FOR-US: 4images
CVE-2009-2130 (Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) ...)
	NOT-FOR-US: Elvin
CVE-2009-2129 (Cross-site request forgery (CSRF) vulnerability in login.php in Elvin  ...)
	NOT-FOR-US: Elvin
CVE-2009-2128 (SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 all ...)
	NOT-FOR-US: Elvin
CVE-2009-2127 (Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin ...)
	NOT-FOR-US: Elvin
CVE-2009-2126 (Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin bef ...)
	NOT-FOR-US: Elvin
CVE-2009-2125 (delete_bug.php in Elvin before 1.2.1 does not require administrative p ...)
	NOT-FOR-US: Elvin
CVE-2009-2124 (Directory traversal vulnerability in page.php in Elvin 1.2.0 allows re ...)
	NOT-FOR-US: Elvin
CVE-2009-2123 (Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote att ...)
	NOT-FOR-US: Elvin
CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari Phot ...)
	NOT-FOR-US: Photoracer plugin for WordPress
CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before 2.0.172. ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 befo ...)
	{DSA-1822-1}
	- mahara 1.1.5-1 (low)
CVE-2009-2171 (Mahara 1.1 before 1.1.5 does not apply permission checks when saving a ...)
	- mahara 1.1.5-1 (low)
	[lenny] - mahara <not-affected> (vulnerable code introduced in 1.1)
CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow ...)
	NOT-FOR-US: TekBase
CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface (my.lo ...)
	NOT-FOR-US: FirePass
CVE-2009-2118 (Integer overflow in IrfanView 4.23, when the resampling or screen fitt ...)
	NOT-FOR-US: IrfanView
CVE-2009-2117 (uye_paneli.php in phPortal 1.0 allows remote attackers to bypass authe ...)
	NOT-FOR-US: phPortal
CVE-2009-2116 (Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r2 ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2115 (admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated admini ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2114 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Sk ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2113 (Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote at ...)
	NOT-FOR-US: FretsWeb
CVE-2009-2112 (Directory traversal vulnerability in include/page_bottom.php in phpFK  ...)
	NOT-FOR-US: phpFK
CVE-2009-2111 (Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 ...)
	NOT-FOR-US: DB Top Sites
CVE-2009-2110 (Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when ...)
	NOT-FOR-US: DB Top Sites 1.0
CVE-2009-2109 (Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow rem ...)
	NOT-FOR-US: FretsWeb
CVE-2009-2108 (git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cau ...)
	{DSA-1841-2 DSA-1841-1}
	- git-core 1:1.6.3.3-1 (medium; bug #532935)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9
CVE-2009-XXXX [moin: hierarchical ACL vulnerability]
	- moin 1.8.4-1 (unimportant; bug #533673)
	NOTE: Not a specific vulnerability, rather a security-related behaviour change, see bug
	[etch] - moin <not-affected> (vulnerable code not present in 1.5.3-1.2etch2)
CVE-2009-XXXX [pcsc-lite: creates world-writable directory]
	- pcsc-lite 1.5.4-1 (low; bug #533670)
	[etch] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
	[lenny] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
CVE-2009-XXXX ["slowloris" denial-of-service vulnerability in webservers]
	- squid <not-affected>
	- squid3 <not-affected>
	NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694
	- lighttpd <not-affected>
CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in We ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers]
	- request-tracker3.6 3.6.8-1 (low; bug #532990)
	[lenny] - request-tracker3.6 3.6.7-5+lenny1
	[etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2)
	- request-tracker3.4 <not-affected> (flaw introduced in 3.6.2; bug #534498)
	- request-tracker3.8 3.8.4-1
CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ex ...)
	NOT-FOR-US: Virtual Civil Services extension for TYPO3
CVE-2009-2105 (SQL injection vulnerability in the References database (t3references)  ...)
	NOT-FOR-US: References database extension for TYPO3
CVE-2009-2104 (Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Com ...)
	NOT-FOR-US: Modern Guestbook extension for TYPO3
CVE-2009-2103 (SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player)  ...)
	NOT-FOR-US: Frontend MP3 Player extension for TYPO3
CVE-2009-2102 (SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and ...)
	NOT-FOR-US: Jumi component for Joomla
CVE-2009-2101 (Directory traversal vulnerability in archive.php in TorrentVolve 1.4,  ...)
	NOT-FOR-US: TorrentVolve
CVE-2009-2100 (Directory traversal vulnerability in the JoomlaPraise Projectfork (com ...)
	NOT-FOR-US: JoomlaPraise component for Joomla
CVE-2009-2099 (SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss ...)
	NOT-FOR-US: iJoomla RSS Feeder component for Joomla
CVE-2009-2098 (SQL injection vulnerability in topicler.php in phPortal 1.0 allows rem ...)
	NOT-FOR-US: phPortal
CVE-2009-2097 (SQL injection vulnerability in system/application/controllers/catalog. ...)
	NOT-FOR-US: Zoki Catalog
CVE-2009-2096 (SQL injection vulnerability in house/listing_view.php in phpCollegeExc ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2095 (PHP remote file inclusion vulnerability in template/simpledefault/admi ...)
	NOT-FOR-US: Mundi Mail
CVE-2009-2094 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise bef ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2093 (SQL injection vulnerability in the console in IBM WebSphere Partner Ga ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2092 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not pro ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2091 (The System Management/Repository component in IBM WebSphere Applicatio ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2090 (Unspecified vulnerability in wsadmin in the System Management/Reposito ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2089 (The Migration component in IBM WebSphere Application Server (WAS) 6.1  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2088 (The Servlet Engine/Web Container component in IBM WebSphere Applicatio ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2087 (The Web Services functionality in IBM WebSphere Application Server (WA ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2086
	REJECTED
CVE-2009-2085 (The Security component in IBM WebSphere Application Server (WAS) 6.1 b ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 befor ...)
	{DSA-1776-1}
	- slurm-llnl 1.3.15-1 (bug #524980)
	[lenny] - slurm-llnl 1.3.6-1lenny3
CVE-2009-2083 (Cross-site scripting (XSS) vulnerability in the term data detail page  ...)
	NOT-FOR-US: Taxonomy
CVE-2009-2082 (SQL injection vulnerability in insidepage.php in Creative Web Solution ...)
	NOT-FOR-US: Creative Web Solutions Multi-Level CMS
CVE-2009-2081 (Directory traversal vulnerability in help.php in phpWebThings 1.5.2 an ...)
	NOT-FOR-US: phpWebThings
CVE-2009-2080 (admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict ...)
	NOT-FOR-US: MRCGIGUY
CVE-2009-2079 (Cross-site scripting (XSS) vulnerability in the administrative page in ...)
	NOT-FOR-US: Taxonomy
CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x be ...)
	NOT-FOR-US: Booktree module for drupal
CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenti ...)
	- drupal6-mod-views <not-affected> (Fixed before initial upload)
CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6,  ...)
	- drupal6-mod-views <not-affected> (Fixed before initial upload)
CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drup ...)
	NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2 ...)
	NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-XXXX [backuppc: web frontend installed insecurely by default]
	- backuppc 3.1.0-6
	[lenny] - backuppc 3.1.0-4lenny1
CVE-2009-XXXX [clamav scanner bypass with archives]
	- clamav 0.95.2+dfsg-1 (low; bug #535881)
	[lenny] - clamav <no-dsa> (Inherent to the concept of malware concept)
	[etch] - clamav <no-dsa> (Support was discontinued)
	NOTE: http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html
CVE-2009-2073 (Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wir ...)
	NOT-FOR-US: Linksys
CVE-2009-2072 (Apple Safari does not require a cached certificate before displaying a ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate for a (1 ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT r ...)
	NOT-FOR-US: Opera
CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached certificate for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2068 (Google Chrome detects http content in https web pages only when the to ...)
	- chromium-browser 5.0.342.9~r43360-1
CVE-2009-2067 (Opera detects http content in https web pages only when the top-level  ...)
	NOT-FOR-US: Opera
CVE-2009-2066 (Apple Safari detects http content in https web pages only when the top ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2065 (Mozilla Firefox 3.0.10, and possibly other versions, detects http cont ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-2064 (Microsoft Internet Explorer 8, and possibly other versions, detects ht ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2063 (Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response bef ...)
	NOT-FOR-US: Opera
CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response be ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.1 ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to determine th ...)
	NOT-FOR-US: Opera
CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine the c ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header to dete ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to ca ...)
	NOT-FOR-US: Cisco
CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2051 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x  ...)
	NOT-FOR-US: Cisco
CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco
CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0( ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration interfa ...)
	NOT-FOR-US: Cisco
CVE-2009-2047 (Directory traversal vulnerability in the Administration interface in C ...)
	NOT-FOR-US: Cisco
CVE-2009-2046 (The embedded web server on the Cisco Video Surveillance 2500 Series IP ...)
	NOT-FOR-US: Cisco
CVE-2009-2045 (The Cisco Video Surveillance Stream Manager firmware before 5.3, as us ...)
	NOT-FOR-US: Cisco
CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...)
	- xulrunner <not-affected> (uses external cairo library)
	- cairo 1.8.8-2 (unimportant)
	NOTE: http://cgit.freedesktop.org/cairo/commit/?id=2cf82eaf0d08e68b787bb0792da97e73d8d4ce38
	NOTE: Just a crasher
CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remot ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images w ...)
	{DSA-2032-1}
	- libpng 1.2.37-1 (low; bug #533676)
	[etch] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
	- xulrunner <not-affected> (xulrunner dynamically linked against libpng; embedded code copy not used)
CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0. ...)
	NOT-FOR-US: activeCollab
CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, wh ...)
	NOT-FOR-US: Grestul
CVE-2009-2039 (Unspecified vulnerability in the Luottokunta module before 1.3 for osC ...)
	NOT-FOR-US: Luottokunta module for osCommerce
CVE-2009-2038 (Unspecified vulnerability in the Finnish Bank Payment module 2.2 for o ...)
	NOT-FOR-US: Finnish Bank Payment module 2.2 for osCommerce
CVE-2009-2037 (Multiple directory traversal vulnerabilities in Online Grades & At ...)
	NOT-FOR-US: Online Grades
CVE-2009-2036 (SQL injection vulnerability in index.php in Open Biller 0.1 allows rem ...)
	NOT-FOR-US: Open Biller
CVE-2009-2035 (Unspecified vulnerability in Services 6.x before 6.x-0.14, a module fo ...)
	NOT-FOR-US: Services module for Drupal
CVE-2009-2034 (SQL injection vulnerability in writemessage.php in Yogurt 0.3, when re ...)
	NOT-FOR-US: Yogurt
CVE-2009-2033 (Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 al ...)
	NOT-FOR-US: Yogurt
CVE-2009-2032 (Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, w ...)
	NOT-FOR-US: PDshopPro
CVE-2009-2031 (smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount pe ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-2030 (Unspecified vulnerability in the XML Digital Signature verification fu ...)
	NOT-FOR-US: IBM OS/400
CVE-2009-2029 (Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 b ...)
	NOT-FOR-US: Adobe
CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the dtsco ...)
	NOT-FOR-US: CA Software Delivery
CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers to byp ...)
	NOT-FOR-US: DM FileManager
CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the  ...)
	NOT-FOR-US: Vlad Titarenko ASP VT Auth
CVE-2009-2023 (SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when ...)
	NOT-FOR-US: Shop-Script
CVE-2009-2022 (fipsCMS Light 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: fipsCMS
CVE-2009-2021 (SQL injection vulnerability in search.php in Virtue Classifieds allows ...)
	NOT-FOR-US: Virtue Classifieds
CVE-2009-2020 (Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue  ...)
	NOT-FOR-US: News Manager
CVE-2009-2019 (SQL injection vulnerability in news_detail.php in Virtue News Manager  ...)
	NOT-FOR-US: Virtue News Manager
CVE-2009-2018 (SQL injection vulnerability in admin/index.php in Jared Eckersley MyCa ...)
	NOT-FOR-US: Jared Eckersley MyCars
CVE-2009-2017 (SQL injection vulnerability in products.php in Virtue Book Store allow ...)
	NOT-FOR-US: Virtue Book Store
CVE-2009-2016 (SQL injection vulnerability in products.php in Virtue Shopping Mall al ...)
	NOT-FOR-US: Virtue Shopping Mall
CVE-2009-2015 (Directory traversal vulnerability in includes/file_includer.php in the ...)
	NOT-FOR-US: com_moofaq for Joomla!
CVE-2009-2014 (SQL injection vulnerability in the ComSchool (com_school) component 1. ...)
	NOT-FOR-US: com_school for Joomla!
CVE-2009-2013 (SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3 ...)
	NOT-FOR-US: Frontis
CVE-2009-2012 (Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through s ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probabl ...)
	NOT-FOR-US: Worldweaver DX Studio Player
CVE-2009-2010 (Multiple SQL injection vulnerabilities in Haudenschilt Family Connecti ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2009-2009 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, a ...)
	NOT-FOR-US: Dokeos
CVE-2009-2008 (Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly e ...)
	NOT-FOR-US: Dokeos
CVE-2009-2007 (Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and poss ...)
	NOT-FOR-US: Dokeos
CVE-2009-2006 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, a ...)
	NOT-FOR-US: Dokeos
CVE-2009-2005 (Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and p ...)
	NOT-FOR-US: Dokeos
CVE-2009-2004 (Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php  ...)
	NOT-FOR-US: Dokeos
CVE-2009-2003 (Ascad Networks Password Protector SD 1.3.1 allows remote attackers to  ...)
	NOT-FOR-US: Ascad Networks Password Protector
CVE-2009-2002 (Unspecified vulnerability in the WebLogic Portal component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-2001 (Unspecified vulnerability in the PL/SQL component in Oracle Database 1 ...)
	NOT-FOR-US: Oracle Database
CVE-2009-2000 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1999 (Unspecified vulnerability in the Business Intelligence Enterprise Edit ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1998 (Unspecified vulnerability in the Oracle Communications Order and Servi ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2009-1997 (Unspecified vulnerability in the Authentication component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1996 (Unspecified vulnerability in the Logical Standby component in Oracle D ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1993 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1992 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1991 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1990 (Unspecified vulnerability in the Business Intelligence Enterprise Edit ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component i ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile M ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - E ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle Applications Manager
CVE-2009-1985 (Unspecified vulnerability in the Network Authentication component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1984 (Unspecified vulnerability in the Application Install component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component i ...)
	NOT-FOR-US: Siebel Product Suite
CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1979 (Unspecified vulnerability in the Network Authentication component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle Appli ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA WebLogic
CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1972 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1971 (Unspecified vulnerability in the Data Pump component in Oracle Databas ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) Or ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) Or ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1965 (Unspecified vulnerability in the Net Foundation Layer component in Ora ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1964 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in Oracl ...)
	NOT-FOR-US: Oracle Database
CVE-2009-XXXX [predictable random number generator used in web browsers]
	- webkit 1.2 (low; bug #532514)
	NOTE: The implementations for UNIX seem fine, might be fixed earlier
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdebase <unfixed> (unimportant; bug #532519)
	- w3m <unfixed> (unimportant; bug #532521)
	NOTE: w3m doesn't have Javascript support and the boundary issue is harmless
	- chromium-browser 26.0.1410.43-1 (bug #520324)
	[squeeze] - chromium-browser <end-of-life>
	NOTE: chromium provides window.crypto.getRandomValues as a strong random number generator
	NOTE: https://code.google.com/p/chromium/issues/detail?id=246054
	- lynx 2.8.7rel.1-1 (unimportant; bug #532520)
	NOTE: lynx doesn't have Javascript and form-data support
	- dillo <not-affected> (bug #532522)
	NOTE: These issues can be fixed in more recent upstream versions, but the risk
	NOTE: of regression doesn't outweigh the issue at hand
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2 ...)
	{DSA-1844-1}
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Affected code was introduced in 2.6.19)
	[lenny] - linux-2.6 2.6.26-16
	- linux-2.6.24 <removed>
	NOTE: fixed in lenny 5.0.2 release
CVE-2009-1959 (Off-by-one error in the event_wallops function in fe-common/irc/fe-eve ...)
	- irssi 0.8.13-2 (low; bug #532607; bug #531357)
	[lenny] - irssi 0.8.12-7
	[etch] - irssi 0.8.10-3
	NOTE: exploitability limited, DoS rather obscure attack scenario
CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache APR-uti ...)
	- apr-util 1.3.7+dfsg-1 (low)
	[lenny] - apr-util 1.2.12+dfsg-8+lenny3
CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Ap ...)
	{DSA-1812-1}
	- apr-util 1.3.7+dfsg-1 (medium)
CVE-2009-1954 (Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 a ...)
	NOT-FOR-US: IBM AIX
CVE-2009-1953 (IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSph ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2009-1952 (Multiple SQL injection vulnerabilities in the administrative login fea ...)
	NOT-FOR-US: PropertyMax
CVE-2009-1951 (Cross-site scripting (XSS) vulnerability in index.php in PropertyMax P ...)
	NOT-FOR-US: PropertyMax
CVE-2009-1950 (SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allow ...)
	NOT-FOR-US: WebEyes Guest Book
CVE-2009-1949 (import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote at ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1948 (Multiple directory traversal vulnerabilities in forum.php in Unclassif ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1947 (SQL injection vulnerability in the UnbDbEncode function in unb_lib/dat ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1946 (PHP remote file inclusion vulnerability in latestposts.php in AdaptBB  ...)
	NOT-FOR-US: AdaptBB
CVE-2009-1945 (SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allow ...)
	NOT-FOR-US: cWebCal
CVE-2009-1944 (Stack-based buffer overflow in AIMP 2.51 build 330 allows remote attac ...)
	NOT-FOR-US: AIMP
CVE-2009-1943 (Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet ...)
	NOT-FOR-US: SafeNet SoftRemote
CVE-2009-1942 (Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2 ...)
	NOT-FOR-US: Quiz module for Drupal
CVE-2009-1941 (PAD Site Scripts 3.6 stores sensitive information under the web docume ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-1940 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
	NOT-FOR-US: Joomla!
CVE-2009-1939 (Cross-site scripting (XSS) vulnerability in the JA_Purity template for ...)
	NOT-FOR-US: Joomla!
CVE-2009-1938 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5. ...)
	NOT-FOR-US: Joomla!
CVE-2009-1937 (Cross-site scripting (XSS) vulnerability in the comment posting featur ...)
	NOT-FOR-US: LightNEasy
CVE-2009-1936 (_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a  ...)
	NOT-FOR-US: cpCommerce
CVE-2009-1935 (Integer overflow in the pipe_build_write_buffer function (sys/kern/sys ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-2
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in  ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117,  ...)
	NOT-FOR-US: Solaris
CVE-2009-XXXX [pgp4pine off-by-one]
	- pgp4pine <removed> (bug #457947; medium)
	[etch] - pgp4pine <no-dsa> (Contrib not supported)
	[lenny] - pgp4pine <no-dsa> (Contrib not supported)
	NOTE: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0122.html
	NOTE: unlike the note states this is not just an off-by-one, classic stack-based buffer overflow
CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2) user_end ...)
	{DSA-1839-1}
	- gst-plugins-good0.10 0.10.15-2 (medium; bug #531631; bug #532352)
CVE-2009-1931
	RESERVED
CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client A ...)
	NOT-FOR-US: ActiveX
CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active Director ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1927
	REJECTED
CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gol ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1921
	REJECTED
CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 fo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 fo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1917 (Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1916 (dig.php in GScripts.net DNS Tools allows remote attackers to execute a ...)
	NOT-FOR-US: GScripts.net DNS Tools
CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...)
	NOT-FOR-US: ICQ
CVE-2009-1914 (The pci_register_iommu_region function in arch/sparc/kernel/pci_common ...)
	{DSA-1844-1}
	- linux-2.6 2.6.29-1 (low; bug #532722)
	[lenny] - linux-2.6 2.6.26-16
	- linux-2.6.24 <removed>
	NOTE: updated in lenny 5.0.2 release
CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic ...)
	NOT-FOR-US: LuxBum
CVE-2009-1912 (Directory traversal vulnerability in src/func/language.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2009-1911 (Directory traversal vulnerability in .include/init.php (aka admin/_inc ...)
	NOT-FOR-US: QuiXplorer
CVE-2009-1910 (SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows  ...)
	NOT-FOR-US: RTWebalbum
CVE-2009-1909 (SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and  ...)
	NOT-FOR-US: Skip
CVE-2009-1908 (Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, an ...)
	NOT-FOR-US: Skip
CVE-2009-1907 (Cross-site scripting (XSS) vulnerability in claroline/linker/notfound. ...)
	NOT-FOR-US: Claroline
CVE-2009-1906 (The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before F ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
	{DSA-1860-1}
	- ruby1.8 1.8.7.173-1 (low; bug #532689)
	- ruby1.9 <removed> (bug #575778)
	NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows remo ...)
	- libapache-mod-security 2.5.9-1
CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote atta ...)
	- libapache-mod-security 2.5.9-1
CVE-2009-1901 (The Security component in IBM WebSphere Application Server (WAS) 6.0.2 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1900 (The Configservice APIs in the Administrative Console component in IBM  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1899 (Unspecified vulnerability in the Administrative Configservice API in t ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1898 (The secure login page in the Administrative Console component in IBM W ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, w ...)
	- dokuwiki 0.0.20090214b-1 (unimportant)
	NOTE: we don't support setups with register_globals enabled
CVE-2009-1897 (The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in ...)
	- linux-2.6 2.6.30-3 (high; bug #537409)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
	NOTE: http://seclists.org/fulldisclosure/2009/Jul/0241.html
CVE-2009-1896 (The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b ...)
	- openjdk-6 6b16-1.6-1 (bug #542210)
CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3 has a  ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-3 (low)
	[etch] - linux-2.6 <not-affected> (mmap_min_addr first introduced in 2.6.23)
	- linux-2.6.24 <removed>
CVE-2009-1894 (Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local us ...)
	{DSA-1838-1}
	- pulseaudio 0.9.15-4.1 (high; bug #537351)
	[etch] - pulseaudio <not-affected> (vulnerable code not present)
CVE-2009-1893 (The configtest function in the Red Hat dhcpd init script for DHCP 3.0. ...)
	NOT-FOR-US: Red Hat dhcpd init script for DHCP
CVE-2009-1892 (dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and ...)
	{DSA-1833-2}
	- isc-dhcp 3.1.2p1-2 (low; bug #539492)
	- dhcp3 3.1.2p1-2 (low; bug #549584)
	[etch] - dhcp3 <not-affected> (problematic assert is not present)
	[lenny] - dhcp3 3.1.1-6+lenny2
CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses l ...)
	{DSA-1834-1}
	- apache2 2.2.11-7 (medium; bug #534712)
CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy mo ...)
	{DSA-1834-1}
	- apache2 2.2.11-7 (medium; bug #536718)
	[etch] - apache2 <not-affected> (bug introduced in 2.2.5)
	[lenny] - apache2 2.2.9-10+lenny4
CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...)
	- pidgin 2.5.8-1 (low; bug #535790)
	[lenny] - pidgin <no-dsa> (Minor issue)
	NOTE: http://developer.pidgin.im/ticket/9483
	NOTE: http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba  ...)
	{DSA-1823-1}
	- samba 2:3.3.6-1 (low)
	[etch] - samba <not-affected> (Vulnerable code not present)
	NOTE: Successful exploitation requires that "dos filemode" is set to "yes" in smb.conf.
CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Li ...)
	- net-snmp <not-affected> (Vulnerable code not present)
	NOTE: Red Hat incorrect fix for CVE-2008-4309. Checked code in oldstable and stable.
CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...)
	{DSA-1823-1}
	- samba 2:3.3.6-1
	[etch] - samba <not-affected> (Vulnerable code not present)
	NOTE: Only the 3.2.x branch was affected, so marking 3.3 as affected
CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Ap ...)
	- xerces-c 3.0.1-2 (low; bug #540297)
	[etch] - xerces-c <no-dsa> (Minor issue)
	[lenny] - xerces-c <no-dsa> (Minor issue)
	- xerces-c2 2.8.0+deb1-2 (low; bug #541986)
	[lenny] - xerces-c2 2.8.0-3+lenny1
	- xerces27 <removed>
	[etch] - xerces27 <no-dsa> (Minor issue)
CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the Compress ...)
	- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
	[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the Lin ...)
	{DSA-1929-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 <not-affected> (problem was fixed before first upload, 2.6.19)
	NOTE: See Solar Designer's posting to oss-security
CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in Ima ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.5.1.0-1.1 (medium; bug #530838)
	- graphicsmagick 1.3.5-5.1 (medium; bug #530946)
CVE-2009-1881 (Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remot ...)
	NOT-FOR-US: MT312
CVE-2009-1880 (Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remot ...)
	NOT-FOR-US: MT312
CVE-2009-XXXX [OCS Inventory NG SQL Injection Vulnerability]
	- ocsinventory-server 1.02.1-1 (unimportant; bug #531735)
	NOTE: README.Debian states Important: access to the reports server should be restricted
	NOTE: can be exploited only if magic_quotes is off
CVE-2009-3870
	REJECTED
CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html in the ...)
	NOT-FOR-US: Adobe Flex
CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier a ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1876 (Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sen ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1875 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusio ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1874 (Multiple cross-site scripting (XSS) vulnerabilities in the Management  ...)
	NOT-FOR-US: Adobe JRun
CVE-2009-1873 (Directory traversal vulnerability in logging/logviewer.jsp in the Mana ...)
	NOT-FOR-US: Adobe JRun
CVE-2009-1872 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusio ...)
	NOT-FOR-US: Adobe ColdFusion Server
CVE-2009-1871
	REJECTED
CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1867 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1866 (Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1865 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Ad ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1864 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 b ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-1859 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat  ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1858 (The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe R ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1857 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat  ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1856 (Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe R ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1855 (Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1854 (Million Dollar Text Links 1.0 allows remote attackers to bypass authen ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2009-1853 (Multiple SQL injection vulnerabilities in index.php in Kensei Board 2. ...)
	NOT-FOR-US: Kensei Board
CVE-2009-1852 (Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow r ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2009-1851 (SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and  ...)
	NOT-FOR-US: phpBugTracker
CVE-2009-1850 (SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows ...)
	NOT-FOR-US: phpBugTracker
CVE-2009-1849 (Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth func ...)
	NOT-FOR-US: PRTG Traffic Grapher
CVE-2009-1848 (SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com ...)
	NOT-FOR-US: JoomlaMe
CVE-2009-1847 (Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 B ...)
	NOT-FOR-US: Easy PX 41 CMS
CVE-2009-1846 (Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418  ...)
	NOT-FOR-US: SiteX
CVE-2009-1845 (Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lu ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2009-1844 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x befo ...)
	{DSA-1808-1}
	- drupal5 5.17-1.1 (low; bug #529191)
	- drupal6 6.11-1.1 (low; bug #529190; bug #531386)
CVE-2009-1843 (Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remo ...)
	NOT-FOR-US: Flash Quiz
CVE-2009-1842 (SQL injection vulnerability in main/tracking/userLog.php in Francisco  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 all ...)
	{DSA-1899-1}
	- strongswan 4.2.14-1.1 (medium; bug #531612)
	[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN befo ...)
	{DSA-1899-1}
	- strongswan 4.2.14-1.1 (medium; bug #531612)
	[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3 ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before 3.0.11 ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in modules/plug ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <not-affected> (Doesn't affect Gecko 1.8)
CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate lo ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird be ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of se ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1827 (The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to  ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1831 (The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Wina ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2009-1830 (Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote a ...)
	NOT-FOR-US: Soulseek
CVE-2009-1826 (modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require admi ...)
	NOT-FOR-US: myGesuad
CVE-2009-1825 (modules/admuser.php in myColex 1.4.2 does not require administrative a ...)
	NOT-FOR-US: myColex
CVE-2009-1824 (The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protect ...)
	NOT-FOR-US: ArcaBit ArcaVir
CVE-2009-1823 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e- ...)
	NOT-FOR-US: 3rd party Printer, e-mail and PDF module for Drupal
CVE-2009-1822 (Multiple PHP remote file inclusion vulnerabilities in the InterJoomla  ...)
	NOT-FOR-US: Joomla!
CVE-2009-1821 (DMXReady Registration Manager 1.1 stores sensitive information under t ...)
	NOT-FOR-US: DMXReady Registration Manager
CVE-2009-1820 (Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Cus ...)
	NOT-FOR-US: 2daybiz Custom T-shirt Design Script
CVE-2009-1819 (SQL injection vulnerability in product.php in 2daybiz Custom T-shirt D ...)
	NOT-FOR-US: 2daybiz Custom T-shirt Design Script
CVE-2009-1818 (SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 a ...)
	NOT-FOR-US: MaxCMS
CVE-2009-1817 (Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attacker ...)
	NOT-FOR-US: DigiMode Maya
CVE-2009-1816 (SQL injection vulnerability in admin.php in My Game Script 2.0 allows  ...)
	NOT-FOR-US: My Game Script
CVE-2009-1815 (Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b all ...)
	NOT-FOR-US: Sonic Spot Audioactive Player
CVE-2009-1814 (SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier a ...)
	NOT-FOR-US: PHPenpals
CVE-2009-1813 (Multiple SQL injection vulnerabilities in admin/index.php in Submitter ...)
	NOT-FOR-US: Submitter Script
CVE-2009-1812 (Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) al ...)
	NOT-FOR-US: myGesuad
CVE-2009-1811 (Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 ...)
	NOT-FOR-US: myGesuad
CVE-2009-1810 (Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote a ...)
	NOT-FOR-US: myColex
CVE-2009-1809 (Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 a ...)
	NOT-FOR-US: myColex
CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20  ...)
	{DSA-1942-1}
	- wireshark 1.0.8-1 (low; bug #533347)
	[lenny] - wireshark 1.0.2-3+lenny6
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of servi ...)
	NOT-FOR-US: Microsoft
CVE-2009-1807 (Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 ...)
	NOT-FOR-US: Baofeng
CVE-2009-1806 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 r ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2009-1805 (Unspecified vulnerability in the VMware Descheduled Time Accounting dr ...)
	NOT-FOR-US: VMware (experimental feature anyway)
CVE-2009-1804 (Multiple SQL injection vulnerabilities in admin/index.php in VideoScri ...)
	NOT-FOR-US: videoscript
CVE-2009-1803 (FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, ...)
	NOT-FOR-US: FreePBX
CVE-2009-1802 (Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX  ...)
	NOT-FOR-US: FreePBX
CVE-2009-1801 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1,  ...)
	NOT-FOR-US: FreePBX
CVE-2009-1800 (Stack-based buffer overflow in the Chinagames CGAgent ActiveX control  ...)
	NOT-FOR-US: Chinagames
CVE-2009-1799 (Multiple SQL injection vulnerabilities in the getGalleryImage function ...)
	NOT-FOR-US: ST-Gallery
CVE-2009-1798 (Multiple cross-site scripting (XSS) vulnerabilities on the Network Man ...)
	NOT-FOR-US: APC
CVE-2009-1797 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Netw ...)
	NOT-FOR-US: APC
CVE-2009-1796 (Cross-site scripting (XSS) vulnerability in Sun Java System Portal Ser ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2009-1795
	RESERVED
CVE-2009-1794
	RESERVED
CVE-2009-1793
	RESERVED
CVE-2009-1792 (The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka  ...)
	NOT-FOR-US: StoneTrip Ston3D StandalonePlayer
CVE-2009-1790 (Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2. ...)
	NOT-FOR-US: CGI Rescue Trees
CVE-2009-1787 (Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteS ...)
	NOT-FOR-US: PHP Dir Submit
CVE-2009-1786 (The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users ...)
	NOT-FOR-US: IBM AIX libc
CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...)
	NOT-FOR-US: Ulteo Open Virtual Desktop
CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus pro ...)
	NOT-FOR-US: AVG anti-virus
CVE-2009-1783 (Multiple FRISK Software F-Prot anti-virus products, including Antiviru ...)
	NOT-FOR-US: FRISK Software F-Prot anti-virus
CVE-2009-1782 (Multiple F-Secure anti-virus products, including Anti-Virus for Micros ...)
	NOT-FOR-US: F-Secure anti-virus
CVE-2009-1781 (Static code injection vulnerability in admin.php in Frax.dk Php Recomm ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1780 (admin.php in Frax.dk Php Recommend 1.3 and earlier does not require au ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1779 (PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Re ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1778 (SQL injection vulnerability in the new user registration feature in Bi ...)
	NOT-FOR-US: BigACE CMS
CVE-2009-1777 (CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1. ...)
	NOT-FOR-US: Matt Wright FormMail
CVE-2009-1776 (Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in  ...)
	NOT-FOR-US: Matt Wright FormMail
CVE-2009-1775 (Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virt ...)
	NOT-FOR-US: Ulteo Open Virtual Desktop
CVE-2009-1774 (Directory traversal vulnerability in plugins/ddb/foot.php in Strawberr ...)
	NOT-FOR-US: Strawberry
CVE-2009-1773 (activeCollab 2.1 Corporate allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: activeCollab
CVE-2009-1772 (Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate ...)
	NOT-FOR-US: activeCollab
CVE-2009-1771 (index.php in Flyspeck CMS 6.8 does not require administrative authenti ...)
	NOT-FOR-US: Flyspeck CMS
CVE-2009-1770 (Directory traversal vulnerability in includes/database/examples/addres ...)
	NOT-FOR-US: Flyspeck CMS
CVE-2009-1769 (The web interface in Open Computer and Software Inventory Next Generat ...)
	- ocsinventory-server 1.02.1-1 (unimportant; bug #529344)
	NOTE: README.Debian states Important: access to the reports server should be restricted
CVE-2009-1768 (Directory traversal vulnerability in download.php in Rama Zaiten CMS 0 ...)
	NOT-FOR-US: Rama Zaiten CMS
CVE-2009-1767 (admin/edituser.php in 2daybiz Template Monster Clone does not require  ...)
	NOT-FOR-US: 2daybiz Template Monster Clone
CVE-2009-1766 (SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows re ...)
	NOT-FOR-US: LightOpenCMS
CVE-2009-1765 (Multiple directory traversal vulnerabilities in pluck 4.6.2, when regi ...)
	NOT-FOR-US: pluck CMS
CVE-2009-1764 (SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remot ...)
	NOT-FOR-US: MaxCMS
CVE-2009-1763 (Unspecified vulnerability in the Solaris Secure Digital slot driver (a ...)
	NOT-FOR-US: Solaris
CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess l ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-XXXX [radare-common insecure temp files handling]
	- radare 1.4-1 (low)
CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windo ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...)
	{DSA-1815-1}
	- libtorrent-rasterbar 0.14.4-1 (medium)
CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function (trun ...)
	{DSA-1817-1}
	- ctorrent 1.3.4-dnh3.2-1.1 (medium; bug #530255)
CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as app ...)
	{DSA-1809-1}
	- linux-2.6 2.6.28-1 (low; bug #536148)
	- linux-2.6.24 <removed>
CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 be ...)
	- transmission 1.61-1 (low)
	[lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
	[etch] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
CVE-2009-1754 (The PackageManagerService class in services/java/com/android/server/Pa ...)
	NOT-FOR-US: Android
CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access to (1 ...)
	NOT-FOR-US: exJune Office Message System
CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware Technol ...)
	NOT-FOR-US: Realty Web-Base
CVE-2009-1750 (Unrestricted file upload vulnerability in VidSharePro allows remote au ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1749 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ca ...)
	NOT-FOR-US: Catviz
CVE-2009-1748 (Multiple directory traversal vulnerabilities in index.php in Catviz 0. ...)
	NOT-FOR-US: Catviz
CVE-2009-1747 (SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 al ...)
	NOT-FOR-US: bSpeak
CVE-2009-1746 (SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0  ...)
	NOT-FOR-US: Dian Gemilang DGNews
CVE-2009-1745 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x  ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1744 (InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in  ...)
	NOT-FOR-US: Pinnacle
CVE-2009-1743 (Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinna ...)
	NOT-FOR-US: Pinnacle
CVE-2009-1742 (code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for re ...)
	NOT-FOR-US: PC4Arb Pc4 Uploader
CVE-2009-1741 (Multiple SQL injection vulnerabilities in login.php in DM FileManager  ...)
	NOT-FOR-US: DM FileManager
CVE-2009-1740 (Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer Active ...)
	NOT-FOR-US: D-Link MPEG4 Viewer
CVE-2009-1739 (PAD Site Scripts 3.6 allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-1738 (Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before  ...)
	NOT-FOR-US: Feed Block
CVE-2009-1737 (Directory traversal vulnerability in bom.php in MyPic 2.1 allows remot ...)
	NOT-FOR-US: MyPic
CVE-2009-1736 (SQL injection vulnerability in the GridSupport (GS) Ticket System (com ...)
	NOT-FOR-US: GridSupport component for Joomla
CVE-2009-1735 (Cross-site scripting (XSS) vulnerability in search.php in VidSharePro  ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1734 (SQL injection vulnerability in listing_video.php in VidSharePro allows ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows ...)
	- ipplan 4.91a-1.1 (unimportant; bug #530271)
	NOTE: Only exploitable with admin rights
CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in IPpla ...)
	{DSA-1827-1}
	- ipplan 4.91a-1.1 (low; bug #530271)
CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows re ...)
	NOT-FOR-US: MLFFAT
CVE-2009-1730 (Multiple directory traversal vulnerabilities in NetMechanica NetDecisi ...)
	NOT-FOR-US: NetDecision TFTP Server
CVE-2009-1729 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2009-1728 (Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before ...)
	NOT-FOR-US: Image RAW in Apple Mac OS X
CVE-2009-1727 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 ...)
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and  ...)
	NOT-FOR-US: ColorSync in Apple Mac OS X
CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1,  ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.13-1 (medium; bug #538346)
	- qt4-x11 4:4.5.2-2 (medium; bug #538347)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	- kdelibs <not-affected> (medium; bug #538350)
	- kde4libs <not-affected> (medium; bug #538349)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=513813#c18
	NOTE: patch http://trac.webkit.org/changeset/44799/
	NOTE: PoC http://web.archive.org/web/20110813092643/https://cevans-app.appspot.com/static/webkitentityoffbyone.html
CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- qt4-x11 <not-affected> (bug #538403)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- webkit 1.1.13-1 (low; bug #538402)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)
	NOT-FOR-US: CFNetwork in Apple Mac OS X
CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in OpenEX ...)
	{DSA-1842-1}
	- openexr 1.6.1-1 (medium; bug #540424)
CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...)
	{DSA-1842-1}
	- openexr 1.6.1-4.1 (medium; bug #540424)
CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-de ...)
	{DSA-1842-1}
	- openexr 1.6.1-4.1 (medium; bug #540424)
CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...)
	NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X
CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote attacker ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/44010
CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allo ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly prot ...)
	NOT-FOR-US: CFNetwork in Apple
CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/31890
CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.3-1 (low)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit)
	NOTE: http://trac.webkit.org/changeset/36359
CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not p ...)
	{DSA-1988-1}
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	NOTE: http://trac.webkit.org/changeset/34533
CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of l ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	NOTE: http://trac.webkit.org/changeset/41568
CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory  ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	NOTE: http://trac.webkit.org/changeset/36918
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-1
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/35157
CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation  ...)
	{DSA-1866-1}
	- webkit 0~svn32442-1
	NOTE: fixed in upstream commit http://trac.webkit.org/changeset/32230
	- kdelibs <not-affected> (vulnerable code in kdegraphics)
	- kde4libs <not-affected> (Vulnerable code not present)
	- kdegraphics 4:4.0 (medium; bug #534951)
	NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series
CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari befo ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1706 (The Private Browsing feature in Apple Safari before 4.0 on Windows doe ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1705 (CoreGraphics in Apple Safari before 4.0 on Windows does not properly u ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image fi ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (medium; bug #561760)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
	NOTE: http://trac.webkit.org/changeset/42533
CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42216
CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in W ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained, only affects fringe apps)
	- kdelibs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: invasive patch to backport.
	NOTE: http://trac.webkit.org/changeset/40881
CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone O ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/38065
CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before 4.0 ...)
	{DSA-1988-1}
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	NOTE: http://trac.webkit.org/changeset/42081
	- qt4-x11 4:4.5.2-1
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	- kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534949)
	- kde4libs 4:4.3.0-1 (medium)
CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPh ...)
	{DSA-1950-1}
	- webkit 1.1.15.2-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/41262
CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/39510
	NOTE: http://trac.webkit.org/changeset/39553
CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42223
CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/35935
CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit)
	NOTE: http://trac.webkit.org/changeset/35928
CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iP ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <removed> (unimportant)
	- qt4-x11 4:4.6.2-4 (unimportant)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
	NOTE: http://trac.webkit.org/changeset/41741
CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/32791
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	NOTE: http://trac.webkit.org/changeset/42532
	- kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534952)
	- kde4libs 4:4.3.0-1 (medium; bug #534949)
	NOTE: http://websvn.kde.org/?view=rev&revision=983316
	- qt4-x11 4:4.5.2-1 (medium; bug #534947)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
	NOTE: http://trac.webkit.org/changeset/32791
CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
	NOTE: http://trac.webkit.org/changeset/32791
CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	- kdelibs 4:3.5.10.dfsg.1-2.1 (bug #534952)
	- kde4libs 4:4.3.0-1
	NOTE: http://trac.webkit.org/changeset/41854
	- qt4-x11 4:4.5.2-1 (medium; bug #534946)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/31431
CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	- webkit 1.0.1-4 (bug #535793)
	- kdelibs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/34574
CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42365
CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhon ...)
	NOT-FOR-US: iPhone
CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended V ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iP ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	NOTE: http://trac.webkit.org/changeset/42333
CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod tou ...)
	NOT-FOR-US: Safari in Apple iPhone OS
CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
	NOT-FOR-US: iPhone
CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (m ...)
	- slim 1.3.1-2 (low; bug #529306)
	[lenny] - slim 1.3.0-1+lenny2
CVE-2009-1755 (Off-by-one error in the packet_read_query_section function in packet.c ...)
	{DSA-1803-1}
	- nsd3 3.2.2-1 (medium; bug #529418)
	- nsd 2.3.7-3 (medium; bug #529420)
	NOTE: VU#710316
CVE-2009-1753 (Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a ...)
	- coccinelle 0.1.7.deb-3 (low)
CVE-2009-1678 (Directory traversal vulnerability in the saveFeed function in rss/feed ...)
	NOT-FOR-US: Bitweaver
CVE-2009-1677 (Multiple static code injection vulnerabilities in the saveFeed functio ...)
	NOT-FOR-US: Bitweaver
CVE-2009-1676
	REJECTED
CVE-2009-1675 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows r ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1674 (Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-as ...)
	NOT-FOR-US: Microchip MPLAB IDE
CVE-2009-1673 (The kernel in Sun Solaris 9 allows local users to cause a denial of se ...)
	NOT-FOR-US: SunOS
CVE-2009-1672 (The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Su ...)
	NOT-FOR-US: ActiveX
CVE-2009-1671 (Multiple buffer overflows in the Deployment Toolkit ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2009-1670 (user/index.php in TCPDB 3.8 does not require administrative authentica ...)
	NOT-FOR-US: TCPDB
CVE-2009-1669 (The smarty_function_math function in libs/plugins/function.math.php in ...)
	{DSA-1919-1}
	- smarty 2.6.26-0.1 (low; bug #529810)
	[etch] - smarty <not-affected> (Vulnerable code not present)
	[lenny] - smarty <no-dsa> (Minor issue)
CVE-2009-1668 (TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: TYPSoft
CVE-2009-1667 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows r ...)
	NOT-FOR-US: CastRipper
CVE-2009-1666 (Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50 ...)
	NOT-FOR-US: CycloMedia CycloScopeLite
CVE-2009-1665 (myaccount.php in Easy Scripts Answer and Question Script allows remote ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1664 (myaccount.php in Easy Scripts Answer and Question Script does not veri ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1663 (Unrestricted file upload vulnerability in myaccount.php in Easy Script ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1662 (Multiple SQL injection vulnerabilities in admin/login.php in Wright Wa ...)
	NOT-FOR-US: Wright Way Services Recipe Script
CVE-2009-1661 (SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when ma ...)
	NOT-FOR-US: uTopic
CVE-2009-1660 (Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows ...)
	NOT-FOR-US: ViPlay3
CVE-2009-1659 (Unrestricted file upload vulnerability in admin/uploadimage.php in eLi ...)
	NOT-FOR-US: eLitius
CVE-2009-1658 (Multiple SQL injection vulnerabilities in admin/admin.php in Realty We ...)
	NOT-FOR-US: Web-Base
CVE-2009-1657 (Multiple SQL injection vulnerabilities in the Starrating plugin before ...)
	NOT-FOR-US: Starrating plugin for b2evolution
CVE-2009-1656 (Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and  ...)
	NOT-FOR-US: Xerox
CVE-2009-1655 (Multiple SQL injection vulnerabilities in myaccount.php in Easy Script ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1654 (Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1653 (Directory traversal vulnerability in examples/tbs_us_examples_0view.ph ...)
	NOT-FOR-US: TinyButStrong
CVE-2009-1652 (admin/adminaddeditdetails.php in Business Community Script does not pr ...)
	NOT-FOR-US: Business Community Script
CVE-2009-1651 (SQL injection vulnerability in admin/member_details.php in 2daybiz Bus ...)
	NOT-FOR-US: 2daybiz
CVE-2009-1650 (Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1  ...)
	NOT-FOR-US: Shutter
CVE-2009-1649 (Directory traversal vulnerability in arch.php in beLive 0.2.3 allows r ...)
	NOT-FOR-US: beLive
CVE-2009-1648 (The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Se ...)
	NOT-FOR-US: yast2-ldap-server on SUSE
CVE-2009-1647 (Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 al ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2009-1646 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allow ...)
	NOT-FOR-US: Mini-stream RM Downloader
CVE-2009-1645 (Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Conve ...)
	NOT-FOR-US: Mini-stream Easy RM-MP3 Converter
CVE-2009-1644 (Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 all ...)
	NOT-FOR-US: Streaming Audio Player
CVE-2009-1643 (Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows ...)
	NOT-FOR-US: Sorinara Soritong MP3 Player
CVE-2009-1642 (Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Conver ...)
	NOT-FOR-US: Mini-stream ASX to MP3 Converter
CVE-2009-1641 (Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 al ...)
	NOT-FOR-US: Mini-stream Ripper
CVE-2009-1640 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery f ...)
	NOT-FOR-US: Nucleus Data Recovery Kernel Recovery
CVE-2009-1639 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery f ...)
	NOT-FOR-US: Nucleus Data Recovery Kernel Recovery
CVE-2009-1638 (Techno Dreams Job Career Package 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Techno Dreams Job Career Package
CVE-2009-1637 (profile.php in Simple Customer 1.3 does not require administrative aut ...)
	NOT-FOR-US: Simple Customer
CVE-2009-1788 (Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 thr ...)
	{DSA-1814-1 DTSA-202-1}
	- libsndfile 1.0.20-1 (low; bug #528650)
CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 th ...)
	{DSA-1814-1 DTSA-202-1}
	- libsndfile 1.0.20-1 (low; bug #528650)
CVE-2009-1636 (Multiple buffer overflows in the Internet Agent (aka GWIA) component i ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess c ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1634 (The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8. ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel be ...)
	{DSA-1865-1 DSA-1844-1 DSA-1809-1}
	- linux-2.6 2.6.30-1
	- linux-2.6.24 <removed>
CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attacke ...)
	{DSA-1804-1}
	- ipsec-tools 1:0.7.1-1.5 (medium; bug #528933)
CVE-2009-1631 (The Mailer component in Evolution 2.26.1 and earlier uses world-readab ...)
	- evolution 2.29.90-1 (unimportant; bug #526409)
	NOTE: Mostly a security enhancement, only for local users/mail and open homedirs
CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client implemen ...)
	{DSA-1865-1 DSA-1844-1 DSA-1809-1}
	- linux-2.6 2.6.30-1
	- linux-2.6.24 <removed>
CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with pr ...)
	{DSA-1994-1}
	- ajaxterm 0.10-5 (medium; bug #528938)
CVE-2009-1789 (mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and ea ...)
	{DSA-1826-1}
	- eggdrop 1.6.19-1.2 (medium; bug #528778)
CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked)]
	- cron 3.0pl1-106 (low; bug #528434)
	[lenny] - cron <no-dsa> (Minor issue)
	[etch] - cron <no-dsa> (Minor issue)
CVE-2009-1628 (Stack-based buffer overflow in mnet.exe in Unisys Business Information ...)
	NOT-FOR-US: Unisys Business Information Server
CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) Downlo ...)
	NOT-FOR-US: Streaming Download Project (SDP)
CVE-2009-1626 (SQL injection vulnerability in public/specific.php in EZ-Blog before B ...)
	NOT-FOR-US: EZ-Blog
CVE-2009-1625 (Directory traversal vulnerability in index.php in Thickbox Gallery 2 a ...)
	NOT-FOR-US: Thickbox Gallery 2
CVE-2009-1624 (Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0  ...)
	NOT-FOR-US: Dew-NewPHPLinks 2.0
CVE-2009-1623 (Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLin ...)
	NOT-FOR-US: Dew-NewPHPLinks 2.0
CVE-2009-1622 (SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote  ...)
	NOT-FOR-US: EcShop 2.5.0
CVE-2009-1621 (Directory traversal vulnerability in index.php in OpenCart 1.1.8 allow ...)
	NOT-FOR-US: OpenCart
CVE-2009-1620 (Multiple cross-site scripting (XSS) vulnerabilities in input.php in Ma ...)
	NOT-FOR-US: MataChat
CVE-2009-1619 (Teraway FileStream 1.0 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: Teraway FileStream
CVE-2009-1618 (Teraway LiveHelp 2.0 allows remote attackers to bypass authentication  ...)
	NOT-FOR-US: Teraway LiveHelp
CVE-2009-1617 (Teraway LinkTracker 1.0 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: Teraway LinkTracker
CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Copper ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4  ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1613 (Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4,  ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1612 (Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control i ...)
	NOT-FOR-US: ActiveX
CVE-2009-1611 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows r ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1610 (admin/changepassword.php in Job Script Job Board Software 2.0 allows r ...)
	NOT-FOR-US: Job Script Job Board Software
CVE-2009-1609 (Unrestricted file upload vulnerability in admin/uploadform.asp in Batt ...)
	NOT-FOR-US: Battle Blog
CVE-2009-1608 (Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly ear ...)
	NOT-FOR-US: Microchip MPLAB IDE
CVE-2009-1607 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
	NOT-FOR-US: LinkBase
CVE-2009-1606 (Multiple stack-based and heap-based buffer overflows in Dafolo DafoloC ...)
	NOT-FOR-US: Dafolo DafoloControl ActiveX
CVE-2009-1605 (Heap-based buffer overflow in the loadexponentialfunc function in mupd ...)
	NOT-FOR-US: MuPDF
CVE-2009-1604 (Unspecified vulnerability in LimeSurvey before 1.82 allows remote atta ...)
	- limesurvey <itp> (bug #472802)
CVE-2009-1603 (src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used wit ...)
	- opensc 0.11.8 (high; bug #527640)
	[etch] - opensc <not-affected> (vulnerable code introduced in 0.11.7)
	[lenny] - opensc <not-affected> (vulnerable code introduced in 0.11.7)
	NOTE: checked code, public exponent set correctly in etch/lenny versions (CK_BYTE publicExponent[] = { 3 };)
CVE-2009-1602 (Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote a ...)
	NOT-FOR-US: Pablo Software
CVE-2009-1601 (The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+df ...)
	- clamav <not-affected> (Vulnerable code not present)
	NOTE: from what I see this code was never uploaded to the Debian archive
CVE-2009-1600 (Apple Safari executes DOM calls in response to a javascript: URI in th ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the targe ...)
	NOT-FOR-US: Opera
CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in t ...)
	- chromium-browser <unfixed> (unimportant)
	- webkit <not-affected> (chrome-specific issue)
	NOTE: it sounds like a "researcher misconception bug" (as seemingly explained by Adobe) rather than a security issue
CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the  ...)
	NOT-FOR-US: Openfire
CVE-2009-1595 (The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Real ...)
	NOT-FOR-US: Openfire
CVE-2009-XXXX [More file buffer overflows]
	- file 5.03-1 (bug #525820)
	[etch] - file <not-affected> (CDF code not yet present in 4.x)
	[lenny] - file <not-affected> (CDF code not yet present in 4.x)
CVE-2009-1594 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x  ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1593 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x  ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1592 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows r ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1591 (CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 allo ...)
	NOT-FOR-US: CGI RESCUE Web Mailer
CVE-2009-1590 (Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows r ...)
	NOT-FOR-US: CGI RESCUE FORM2MAIL
CVE-2009-1589 (Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows r ...)
	NOT-FOR-US: CGI RESCUE MiniBBS
CVE-2009-1588 (Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t befo ...)
	NOT-FOR-US: CGI RESCUE MiniBBS
CVE-2009-XXXX [hex-a-hop: buffer overflow in loading save games]
	- hex-a-hop <unfixed> (unimportant; bug #528250)
	NOTE: That's a simple bug, it's silly to treat this as a security issue
CVE-2009-1587 (index.php in PHP Site Lock 2.0 allows remote attackers to bypass authe ...)
	NOT-FOR-US: PHP Site Lock
CVE-2009-1586 (Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7. ...)
	NOT-FOR-US: GrabIt
CVE-2009-1585 (Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_q ...)
	NOT-FOR-US: TemaTres
CVE-2009-1584 (Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, wh ...)
	NOT-FOR-US: TemaTres
CVE-2009-1583 (Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3  ...)
	NOT-FOR-US: TemaTres
CVE-2009-1582 (Million Dollar Text Links 1.0 does not properly restrict administrator ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not protect the  ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667
CVE-2009-1580 (Session fixation vulnerability in SquirrelMail before 1.4.18 allows re ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676
CVE-2009-1579 (The map_yp_alias function in functions/imap_general.php in SquirrelMai ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (medium; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674
	NOTE: doesn't affect every setup
CVE-2009-1578 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail be ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670
CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in fin ...)
	- cscope 15.6-1
CVE-2009-1576 (Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.1 ...)
	{DSA-1792-1}
	- drupal6 6.11-1 (bug #526378)
	- drupal5 5.17-1
CVE-2009-1575 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and ...)
	{DSA-1792-1}
	- drupal6 6.11-1 (bug #526378)
	- drupal5 5.17-1
CVE-2009-1574 (racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attacke ...)
	{DSA-1804-1}
	- ipsec-tools 1:0.7.1-1.4 (medium; bug #527634)
CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0 ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
CVE-2009-1570 (Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-re ...)
	- gimp 2.6.7-1.1 (medium; bug #555929)
CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, 5. ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30 ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox upl ...)
	NOT-FOR-US: ActiveX
CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creato ...)
	NOT-FOR-US: Roxio Easy Media Creator
CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4  ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMwa ...)
	NOT-FOR-US: VMwar
CVE-2009-1563
	REJECTED
CVE-2009-1562
	RESERVED
CVE-2009-1561 (Cross-site request forgery (CSRF) vulnerability in administration.cgi  ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1560 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1559 (Absolute path traversal vulnerability in adm/file.cgi on the Cisco Lin ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1558 (Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1557 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Links ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1556 (img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with  ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1555 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1554 (Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun W ...)
	NOT-FOR-US: Sun Woodstock
CVE-2009-1553 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin Conso ...)
	NOT-FOR-US: Sun GlassFish Enterprise Server
CVE-2009-1552 (Unspecified vulnerability in the IGMP driver in SCO Unixware Release 7 ...)
	NOT-FOR-US: SCO UnixWare
CVE-2009-1551 (Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 a ...)
	NOT-FOR-US: Qt quickteam
CVE-2009-1550 (Zakkis Technology ABC Advertise 1.0 does not properly restrict access  ...)
	NOT-FOR-US: Zakkis Technology ABC Advertise
CVE-2009-1549 (AGTC MyShop 3.2b allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: AGTC MyShop
CVE-2009-1548 (SQL injection vulnerability in index.php in BluSky CMS allows remote a ...)
	NOT-FOR-US: BluSky CMS
CVE-2009-XXXX [prelude-manager: password world-readable]
	- prelude-manager <not-affected> (The postinst sets correct permissions, see bug #527344)
	NOTE: FEDORA-2009-3931 http://lwn.net/Articles/331612
CVE-2009-XXXX [bash-completion: does not properly quote characters]
	- bash-completion 200811xx~bzr1223 (bug #259987)
	NOTE: adding this reference to track the fact that this has already been addressed by debian security
	NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently
	NOTE: FEDORA-2009-3639 http://lwn.net/Articles/331605
CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling fu ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ha ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1543
	REJECTED
CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 20 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1541
	REJECTED
CVE-2009-1540
	REJECTED
CVE-2009-1539 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Micro ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1538 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Micro ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter in quar ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and S ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS)  ...)
	NOT-FOR-US: IIS
CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in Micros ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in Micros ...)
	NOT-FOR-US: Microsoft
CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1531 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1530 (Use-after-free vulnerability in Microsoft Internet Explorer 7 for Wind ...)
	NOT-FOR-US: Microsoft
CVE-2009-1529 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1528 (Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...)
	- linux-2.6 2.6.29-5 (high)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...)
	NOT-FOR-US: Directadmin
CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authent ...)
	NOT-FOR-US: Directadmin
CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1. ...)
	- jetty 6.1.19-1 (low; bug #527571)
CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...)
	- jetty 6.1.19-1 (low; bug #528389)
CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 o ...)
	NOT-FOR-US: Tivoli
CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Ma ...)
	NOT-FOR-US: Tivoli
CVE-2009-1520 (Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) ...)
	NOT-FOR-US: Tivoli
CVE-2009-XXXX [moin: XSS in AttachFile.py via attachments]
	- moin 1.8.3-1 (low; bug #526594)
	[lenny] - moin 1.7.1-3+lenny2
	[etch] - moin <not-affected> (Vulnerable code not present)
	NOTE: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7
	NOTE: CVE id requested
CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in libmodp ...)
	{DSA-1850-1}
	- libmodplug 1:0.8.7-1 (medium; bug #526084)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077)
	[etch] - libmodplug <not-affected> (Vulnerable code not present)
	NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug.
CVE-2009-1519 (Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 allo ...)
	NOT-FOR-US: Pecio CMS
CVE-2009-1518 (Cross-site request forgery (CSRF) vulnerability in Beltane before 2.3. ...)
	NOT-FOR-US: Beltane
CVE-2009-1517 (Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 A ...)
	NOT-FOR-US: ActiveX
CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX con ...)
	NOT-FOR-US: ActiveX
CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of  ...)
	- chromium-browser 5.0.375.38~r46659-1 (low)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2009-1573 (xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly ot ...)
	- xorg-server 2:1.6.1.901-3 (low; bug #526678)
	[etch] - xorg-server <no-dsa> (minor issue)
	[lenny] - xorg-server <no-dsa> (minor issue)
CVE-2009-1515 (Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c i ...)
	- file 5.02-1
	[lenny] - file <not-affected> (Vulnerable code not present)
	[etch] - file <not-affected> (Vulnerable code not present)
	NOTE: code introduced in 5.xx series
CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows remote aut ...)
	NOT-FOR-US: X-Forum
CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a de ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image Gallery ...)
	NOT-FOR-US: KoschtIT Image Gallery
CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPorta ...)
	NOT-FOR-US: MyioSoft AjaxPortal
CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function in Com ...)
	NOT-FOR-US: X-Forum
CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x ...)
	NOT-FOR-US: Node Access User Reference module for Drupal
CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows re ...)
	NOT-FOR-US: eLitius
CVE-2009-1505 (SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 ...)
	NOT-FOR-US: News Page module for Drupal
CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to bypass authe ...)
	NOT-FOR-US: Absolute Form Processor XE
CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger Document  ...)
	NOT-FOR-US: Tiger Document Management System
CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable an ...)
	NOT-FOR-US: S-Cms
CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x be ...)
	NOT-FOR-US: EXIF module for Drupal
CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows ...)
	NOT-FOR-US: ProjectCMS
CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto) component i ...)
	NOT-FOR-US: com_mailto component for Joomla!
CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in Game Maker ...)
	NOT-FOR-US: Game Maker 2k Internet Discussion Boards
CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie Pla ...)
	NOT-FOR-US: GOM Player
CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace (com_cmimarke ...)
	NOT-FOR-US: com_cmimarketplace component for Joomla!
CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web root  ...)
	NOT-FOR-US: Web File Explorer
CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses memory-allocati ...)
	- memcached 1.2.8-1 (low; bug #526554)
	[lenny] - memcached <not-affected> (Affected compile-time options not set)
	[etch] - memcached <not-affected> (Affected compile-time options not set)
CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe R ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and Acr ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1491 (McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and ...)
	NOT-FOR-US: McAfee GroupShield for Microsoft Exchange
CVE-2009-1490 (Heap-based buffer overflow in Sendmail before 8.13.2 allows remote att ...)
	- sendmail 8.13.2-0
CVE-2009-XXXX [samba: Account locking out doesn't work with an LDAP backend]
	- samba 2:3.2.6 (bug #514151)
	[lenny] - samba 2:3.2.5-4lenny1
	[etch] - samba <not-affected> (Bug not yet present in Etch's version)
CVE-2009-1572 (The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote atta ...)
	{DSA-1788-1}
	- quagga 0.99.11-2 (high; bug #526270)
	[lenny] - quagga 0.99.10-1lenny2
	[etch] - quagga <not-affected> (no AS4 code)
CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass au ...)
	NOT-FOR-US: Fungamez
CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez RC1 al ...)
	NOT-FOR-US: Fungamez
CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1 allows  ...)
	NOT-FOR-US: Fungamez
CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allo ...)
	NOT-FOR-US: Flatchat
CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote attackers  ...)
	NOT-FOR-US: eMule Plus
CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail interface fea ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in Adam Patt ...)
	NOT-FOR-US: Adam Patterson Studio Lounge Address Book
CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFi ...)
	{DSA-1791-1}
	- moin 1.8.3-1 (low; bug #526594)
	[etch] - moin <not-affected> (Not exploitable)
	NOTE: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) ...)
	NOT-FOR-US: PuterJam's Blog
CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remo ...)
	NOT-FOR-US: Pragyan CMS
CVE-2009-1479 (Directory traversal vulnerability in client/desktop/default.htm in Box ...)
	NOT-FOR-US: Boxalino
CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in S ...)
	NOT-FOR-US: Solaris
CVE-2009-1477 (The https web interfaces on the ATEN KH1516i IP KVM switch with firmwa ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1476 (Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter ( ...)
	NOT-FOR-US: IPFilter
CVE-2009-1475
	RESERVED
CVE-2009-1474 (The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1473 (The (1) Windows and (2) Java client programs for the ATEN KH1516i IP K ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1472 (The Java client program for the ATEN KH1516i IP KVM switch with firmwa ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1471
	RESERVED
CVE-2009-1470
	RESERVED
CVE-2009-1469 (CRLF injection vulnerability in the Forgot Password implementation in  ...)
	NOT-FOR-US: IceWarp
CVE-2009-1468 (Multiple SQL injection vulnerabilities in the search form in server/we ...)
	NOT-FOR-US: IceWarp
CVE-2009-1467 (Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail S ...)
	NOT-FOR-US: IceWarp
CVE-2009-1466 (Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2)  ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1465 (Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default  ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1464 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.aa ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4 allows remo ...)
	NOT-FOR-US: razorCMS
CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the permis ...)
	NOT-FOR-US: razorCMS
CVE-2009-1461 (Cross-site scripting (XSS) vulnerability in the Create New Page form i ...)
	NOT-FOR-US: razorCMS
CVE-2009-1460 (razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_con ...)
	NOT-FOR-US: razorCMS
CVE-2009-1459 (Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 ...)
	NOT-FOR-US: razorCMS
CVE-2009-1458 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: razorCMS
CVE-2009-1457 (Cross-site scripting (XSS) vulnerability in player.php in Nuke Evoluti ...)
	NOT-FOR-US: Nuke Evolution Xtreme
CVE-2009-1456 (Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows  ...)
	NOT-FOR-US: Malleo
CVE-2009-1455 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebColla ...)
	NOT-FOR-US: WebCollab
CVE-2009-1454 (Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab bef ...)
	NOT-FOR-US: WebCollab
CVE-2009-1453 (SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4 ...)
	NOT-FOR-US: Tiny Blogr
CVE-2009-1452 (Multiple PHP remote file inclusion vulnerabilities in theme/format.php ...)
	NOT-FOR-US: SMA-DB
CVE-2009-1451 (Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0. ...)
	NOT-FOR-US: SMA-DB
CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
	NOT-FOR-US: SMA-DB
CVE-2009-1449 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka C ...)
	NOT-FOR-US: CoolPlayer
CVE-2009-1448 (Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net  ...)
	NOT-FOR-US: LovPop.net
CVE-2009-1447 (Unrestricted file upload vulnerability in admin/editor/image.php in e- ...)
	NOT-FOR-US: e-cart.biz Free Shopping Car
CVE-2009-1446 (Unrestricted file upload vulnerability in upload.php in Elkagroup Imag ...)
	NOT-FOR-US: Elkagroup Image Gallery
CVE-2009-1445 (Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta ...)
	NOT-FOR-US: WebPortal CMS
CVE-2009-1444 (PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS ...)
	NOT-FOR-US: WebPortal CMS
CVE-2009-1443 (Multiple unspecified vulnerabilities in the Server component in OCS In ...)
	- ocsinventory-server 1.02-1 (unimportant)
	NOTE: Only supported in trusted environments, see debtags
CVE-2009-1442 (Multiple integer overflows in Skia, as used in Google Chrome 1.x befor ...)
	NOT-FOR-US: skia
CVE-2009-1441 (Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read fu ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.2 ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-2 (bug #523365)
	- linux-2.6.24 <removed>
CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp ...)
	{DSA-1851-1 DSA-1850-1}
	- libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076)
	- gst-plugins-bad0.10 0.10.10.2-1 (bug #527075)
	NOTE: gstreamer in unstable dynamically linked to external libmodplug
CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka C ...)
	NOT-FOR-US: CoolPlayer
CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PREREL ...)
	- kfreebsd-7 <not-affected> (Debian/kfreebsd uses glibc)
CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patc ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0. ...)
	- foswiki <itp> (bug #509864)
CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in Sil ...)
	NOT-FOR-US: SilverStripe
CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corpora ...)
	NOT-FOR-US: Symantec
CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec  ...)
	NOT-FOR-US: Symantec
CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Or ...)
	NOT-FOR-US: Symantec
CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...)
	NOT-FOR-US: Symantec
CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...)
	NOT-FOR-US: Symantec
CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause ...)
	NOT-FOR-US: HP-UX
CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, ...)
	NOT-FOR-US: HP ProLiant
CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 o ...)
	NOT-FOR-US: ONCplus on HP HP-UX
CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node Manag ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-1419 (Unspecified vulnerability in HP Discovery & Dependency Mapping Inv ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and e ...)
	- gnutls26 2.6.6-1 (low; bug #528281)
	[lenny] - gnutls26 <no-dsa> (Minor issue, explicitly labeled as a test program)
	- gnutls13 <removed>
	[etch] - gnutls13 <no-dsa> (Minor issue, explicitly labeled as a test program)
CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates R ...)
	- gnutls26 2.6.6-1 (medium)
	- gnutls13 <removed>
	[lenny] - gnutls26 <not-affected> (Vulnerable code not present, only affects 2.6.x)
	[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not proper ...)
	- gnutls26 2.6.6-1 (medium)
	- gnutls13 <removed>
	[lenny] - gnutls26 <not-affected> (Vulnerable code not present)
	[etch] - gnutls26 <not-affected> (Vulnerable code not present)
	[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ac ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, w ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol handler i ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
	- iodine 0.5.1 (low)
	[lenny] - iodine 0.4.2-2~lenny1
CVE-2009-XXXX [ntop: access.log permissions]
	- ntop <not-affected> (fedora-specific configuration issue; debian package not affected)
	NOTE: bug #524801 (http://bugs.debian.org/524801)
CVE-2009-1402
	RESERVED
CVE-2009-1401
	RESERVED
CVE-2009-1400
	RESERVED
CVE-2009-1399
	RESERVED
CVE-2009-1398
	RESERVED
CVE-2009-1397
	RESERVED
CVE-2009-1396
	RESERVED
CVE-2009-1395
	RESERVED
CVE-2009-1394 (Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows  ...)
	NOT-FOR-US: Motorola Timbuktu Pro
CVE-2009-1393
	RESERVED
CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird bef ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in Compress::Raw:: ...)
	- perl 5.10.0-23 (low; bug #532736)
	[etch] - perl <not-affected> (Doesn't yet include Compress-Raw-Zlib)
	- libcompress-raw-zlib-perl 2.015-2 (low; bug #532738)
	[lenny] - libcompress-raw-zlib-perl 2.012-1lenny1
	[lenny] - perl 5.10.0-19lenny1
CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTL ...)
	- mutt 1.5.20-1
	[lenny] - mutt <not-affected> (Affected code was introduced in 1.5.19)
	[etch] - mutt <not-affected> (Affected code was introduced in 1.5.19)
	[squeeze] - mutt <not-affected> (Affected code was introduced in 1.5.19)
CVE-2009-1389 (Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the ...)
	{DSA-1865-1 DSA-1844-1}
	- linux-2.6 2.6.26-16 (high; bug #532376)
	- linux-2.6.24 <removed>
	NOTE: potential for kernel memory corruption by remote attacker
CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.1 ...)
	- linux-2.6 <not-affected> (problem in redhat-specific kernel patches)
	- linux-2.6.24 <not-affected> (problem in redhat-specific kernel patches)
CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in Open ...)
	- openssl 0.9.8k-2 (low; bug #532037)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...)
	- openssl 0.9.8k-1 (low; bug #532037)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1 ...)
	{DSA-1865-1 DSA-1844-1}
	- linux-2.6 2.6.26-16 (low; bug #532721)
	- linux-2.6.24 <removed>
CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RH ...)
	- libpam-krb5 <not-affected> (different code base than Debian's libpam-krb5)
CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded b ...)
	- mathtex 1.03-1 (medium; bug #537258)
CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when  ...)
	{DSA-1917-1}
	- mimetex 1.50-1.1 (medium; bug #537254)
CVE-2009-1381 (The map_yp_alias function in functions/imap_general.php in SquirrelMai ...)
	{DSA-1802-2}
	- squirrelmail 2:1.4.19-1
CVE-2009-1380 (Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in  ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment f ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2 ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim)  ...)
	- pidgin 2.5.6-1
	[lenny] - pidgin <not-affected> (QQ support not yet present)
	- gaim <not-affected> (QQ support not yet present)
CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (former ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0 ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf 0.2. ...)
	{DSA-1796-1}
	- libwmf 0.2.8.4-6.1 (low; bug #526434)
CVE-2009-1363
	RESERVED
CVE-2009-1360 (The __inet6_check_established function in net/ipv6/inet6_hashtables.c  ...)
	- linux-2.6 2.6.29-1 (low; bug #529342)
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (Introduced in 2.6.27)
CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...)
	NOT-FOR-US: Seditio CMS
CVE-2009-1410 (SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows  ...)
	NOT-FOR-US: Quick.Cms.Lite
CVE-2009-1409 (SQL injection vulnerability in usersettings.php in e107 0.7.15 and ear ...)
	NOT-FOR-US: e107
CVE-2009-1408 (Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows rem ...)
	NOT-FOR-US: webSPELL
CVE-2009-1407 (Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows ...)
	NOT-FOR-US: NotFTP
CVE-2009-1406 (Directory traversal vulnerability in cms_detect.php in TotalCalendar 2 ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-1405 (Directory traversal vulnerability in index.php in PastelCMS 0.8.0, whe ...)
	NOT-FOR-US: PastelCMS
CVE-2009-1404 (SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magi ...)
	NOT-FOR-US: PastelCMS
CVE-2009-1403 (SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allo ...)
	NOT-FOR-US: CRE Loaded
CVE-2009-1370 (Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Conver ...)
	NOT-FOR-US: Xilisoft Video Converter
CVE-2009-1369 (moziloCMS 1.11 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1368 (Directory traversal vulnerability in index.php in moziloCMS 1.11 allow ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1367 (Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.1 ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1366 (Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypal ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-1362 (SQL injection vulnerability in administration/index.php in chCounter 3 ...)
	NOT-FOR-US: chCounter
CVE-2009-1361 (dig.php in GScripts.net DNS Tools allows remote attackers to execute a ...)
	NOT-FOR-US: GScripts.net DNS Tools
CVE-2009-1359 (Unspecified vulnerability in the SCTP sockets implementation in Sun Op ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-1357 (CRLF injection vulnerability in da/DA/Login in Sun Java System Delegat ...)
	NOT-FOR-US: Sun Java System Delegated Administrator
CVE-2009-1356 (Stack-based buffer overflow in Elecard AVC HD Player allows remote att ...)
	NOT-FOR-US: Elecard AVC HD Player
CVE-2009-1355 (Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 al ...)
	NOT-FOR-US: IBM AIX
CVE-2009-1354 (Directory traversal vulnerability in Mongoose 2.4 allows remote attack ...)
	NOT-FOR-US: Mongoose
CVE-2009-1353 (Buffer overflow in the http_parse_hex function in libz/misc.c in Zervi ...)
	NOT-FOR-US: Zervit Webserver
CVE-2009-1352 (Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote  ...)
	NOT-FOR-US: PowerCHM
CVE-2009-1351 (Heap-based buffer overflow in Apollo 37zz allows remote attackers to c ...)
	NOT-FOR-US: Apollo 37zz
CVE-2009-1350 (Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client  ...)
	NOT-FOR-US: Novell NetIdentity Client
CVE-2009-1349 (Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allow ...)
	NOT-FOR-US: C2Net Stronghold
CVE-2009-1358 (apt-get in apt before 0.7.21 does not check for the correct error code ...)
	{DSA-1779-1 DTSA-199-1}
	- apt 0.7.21 (bug #433091)
CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2. ...)
	{DSA-1821-1}
	- amule 2.2.5-1.1 (low; bug #525078)
	[etch] - amule <not-affected> (Doesn't support preview of complete files, which is the vulnerable part)
CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, I ...)
	NOT-FOR-US: Various AV junk
CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in chCounter ...)
	NOT-FOR-US: chCounter
CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 all ...)
	NOT-FOR-US: NetHoteles
CVE-2009-1345 (SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows ...)
	NOT-FOR-US: cpCommerce
CVE-2009-1344 (Cross-site scripting (XSS) vulnerability in the Localization client mo ...)
	NOT-FOR-US: Localization client for drupal
CVE-2009-1343 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e- ...)
	NOT-FOR-US: Print module for Drupal
CVE-2009-1342 (Cross-site scripting (XSS) vulnerability in the CCK comment reference  ...)
	NOT-FOR-US: CCK comment module for Drupal
CVE-2009-XXXX [git-core in Debian has non-root-owned files under /usr]
	- git-core 1:1.6.2.1-1 (bug #516669)
	[lenny] - git-core 1:1.5.6.5-3+lenny3.2
	NOTE: fixed accidentally through spu
CVE-2009-1341 (Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (a ...)
	{DSA-1780-1}
	- libdbd-pg-perl 2.1.3-1
CVE-2009-1340
	RESERVED
CVE-2009-1339 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1  ...)
	- twiki <removed> (bug #526258)
	NOTE: We should probably request removal from unstable, replaced by foswiki
CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux kerne ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before 2 ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-5
	- linux-2.6.24 <removed>
CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly in ...)
	{DSA-1794-1}
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows rem ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html i ...)
	NOT-FOR-US: IBM Tivoli Continuous Data Protection
CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the we ...)
	NOT-FOR-US: HP Deskjet
CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2 and En ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.526 ...)
	NOT-FOR-US: Windows Media Player
CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
	- pptp-linux 1.7.2-3 (low; bug #523476)
	[lenny] - pptp-linux <no-dsa> (Minor issue)
	[etch] - pptp-linux <no-dsa> (Minor issue)
CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote  ...)
	NOT-FOR-US: Easy RM to MP3 Converter
CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0. ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 al ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allow ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allow ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remot ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0. ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 allow ...)
	NOT-FOR-US: Web File Explorer
CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web roo ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product  ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in include/zstore. ...)
	NOT-FOR-US: Zazzle Store Builder
CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal  ...)
	NOT-FOR-US: GuestCal
CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...)
	NOT-FOR-US: Jamroom
CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quo ...)
	NOT-FOR-US: Aqua CMS
CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote a ...)
	NOT-FOR-US: AbleSpace
CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 a ...)
	NOT-FOR-US: AbleSpace
CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ar ...)
	NOT-FOR-US: Web File Explorer
CVE-2009-1313 (The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameTh ...)
	- xulrunner 1.9.0.10-1 (low)
	[etch] - xulrunner <not-affected> (introduced in 1.9.0.9)
	[lenny] - xulrunner <not-affected> (introduced in 1.9.0.9)
CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascr ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-as ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin imple ...)
	{DSA-1886-1}
	- iceweasel 3.0.9-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not proper ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0 ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, T ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbi ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird bef ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird be ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 c ...)
	- mpg123 1.7.2-1 (low)
	[etch] - mpg123 <no-dsa> (Minor issue)
	[lenny] - mpg123 <no-dsa> (Minor issue)
	NOTE: http://secunia.com/advisories/34587/3/
	NOTE: unlike secunia states I can't see that this allows code execution but is just an invalid read
	NOTE: crashing the application
CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid da ...)
	{DSA-1779-1 DTSA-199-1}
	- apt 0.7.21 (bug #523213)
CVE-2009-1299 (The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 an ...)
	{DSA-2017-1}
	- pulseaudio 0.9.21-1.1 (bug #573615)
CVE-2009-1298 (The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kern ...)
	{DTSA-204-1}
	- linux-2.6 2.6.32-1 (low)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (introduced in 2.6.29)
CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and S ...)
	- open-iscsi 2.0.871-1 (low; bug #547011)
	[lenny] - open-iscsi 2.0.870~rc3-0.4.1
	[etch] - open-iscsi <not-affected> (Vulnerable script not yet present)
CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubunt ...)
	- ecryptfs-utils 75-2 (unimportant; bug #532372)
	NOTE: this is a non-issue as the debian installer doesn't support per user
	NOTE: encrypted home directories with ecryptfs, so no passphrase is stored in the
	NOTE: installer logs on disk
CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.1 ...)
	NOT-FOR-US: Apport
CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home  ...)
	NOT-FOR-US: Novell Teaming
CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 thr ...)
	NOT-FOR-US: Novell Teaming
CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x befor ...)
	NOT-FOR-US: ClearCase
CVE-2009-1371 (The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95. ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552
CVE-2009-1372 (Stack-based buffer overflow in the cli_url_canon function in libclamav ...)
	- clamav 0.95.1+dfsg-1
	[etch] - clamav <not-affected> (vulnerable code not present)
	[lenny] - clamav <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552
CVE-2009-1291 (Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartS ...)
	NOT-FOR-US: SmartSockets
CVE-2009-1290 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1289 (private/login.ssi in the Advanced Management Module (AMM) on the IBM B ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1288 (Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Ma ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1287 (Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Serv ...)
	NOT-FOR-US: Cisco Subscriber Edge Services Manager
CVE-2009-1286 (The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 a ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2009-1285 (Static code injection vulnerability in the getConfigFile function in s ...)
	- phpmyadmin 4:3.1.3.2-1 (unimportant; bug #524804)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to c ...)
	- texlive-bin 2009-1 (low; bug #520920)
	[etch] - texlive-bin <no-dsa> (Minor issue)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided pas ...)
	NOT-FOR-US: glFusion
CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in glFus ...)
	NOT-FOR-US: glFusion
CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allo ...)
	NOT-FOR-US: glFusion
CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the com_ ...)
	NOT-FOR-US: Joomla!
CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 thr ...)
	NOT-FOR-US: Joomla!
CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in Gra ...)
	NOT-FOR-US: Gravity Board
CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0  ...)
	NOT-FOR-US: Gravity Board
CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Sol ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other prod ...)
	- tiles 2.2.0-1
CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...)
	- libpam-ssh 1.92-7 (low; bug #535877)
	[etch] - libpam-ssh <no-dsa> (Minor issue)
	[lenny] - libpam-ssh 1.91.0-9.3+lenny1
CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x befo ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-3
	[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
	- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before  ...)
	{DSA-1789-1 DSA-1775-1}
	- php5 5.2.9.dfsg.1-1
	- php4 <not-affected> (the JSON extension was introduced in php5.2)
	- php-json-ext <unfixed>
CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows rem ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6)
CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in Wiresh ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark 0.99.4-5.etch.4
CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 th ...)
	- wireshark <not-affected> (Only affects Wireshark on Windows)
CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact ...)
	NOTE: Dupe of CVE-2009-1210
CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kern ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-4
	- linux-2.6.24 <removed>
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and e ...)
	NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
	NOT-FOR-US: Joomla!
CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and possi ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9 ...)
	NOT-FOR-US: Web Help Desk
CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earli ...)
	NOT-FOR-US: UltraISO
CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions Adap ...)
	NOT-FOR-US: Insane Visions AdaptBB
CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component 1. ...)
	NOT-FOR-US: Joomla!
CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows re ...)
	NOT-FOR-US: Magic ISO Maker
CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to  ...)
	NOT-FOR-US: FlexCMS
CVE-2009-1255 (The process_stat function in (1) Memcached before 1.2.8 and (2) Memcac ...)
	- memcached 1.2.8-1 (low)
	[etch] - memcached <no-dsa> (Minor issue)
	[lenny] - memcached <no-dsa> (Minor issue)
	[squeeze] - memcached <no-dsa> (Minor issue)
	- memcachedb 1.2.0-3 (low; bug #527330)
	[squeeze] - memcachedb <no-dsa> (Minor issue)
	NOTE: why are weaknesses in security hardening features like ASLR considered minor?
	NOTE: even though this is not directly a vulnerability itself, part of this application's armor is now missing; making it easier for unknown vulnerabilities to be effective.
CVE-2009-1270 (libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cau ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary c ...)
	{DSA-1764-1}
	- tunapie 2.1.17-1
CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary file ...)
	{DSA-1764-1}
	- tunapie 2.1.17-1
CVE-2009-1252 (Stack-based buffer overflow in the crypto_recv function in ntp_crypto. ...)
	{DSA-1801-1}
	- ntp 1:4.2.4p6+dfsg-2 (high; bug #525373)
	NOTE: VU#853097
CVE-2009-1251 (Heap-based buffer overflow in the cache manager in the client in OpenA ...)
	{DSA-1768-1}
	- openafs 1.4.10+dfsg1-1
CVE-2009-1250 (The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 ...)
	{DSA-1768-1}
	- openafs 1.4.10+dfsg1-1
	[etch] - openafs 1.4.2-6etch3
CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x be ...)
	NOT-FOR-US: Feed element mapper for Drupal
CVE-2009-1248 (Multiple PHP remote file inclusion vulnerabilities in Acute Control Pa ...)
	NOT-FOR-US: Acute Control Panel
CVE-2009-1247 (SQL injection vulnerability in login.php in Acute Control Panel 1.0.0  ...)
	NOT-FOR-US: Acute Control Panel
CVE-2009-1246 (Multiple directory traversal vulnerabilities in Blogplus 1.0 allow rem ...)
	NOT-FOR-US: Blogplus
CVE-2009-1245 (Multiple SQL injection vulnerabilities in the insert_to_pastebin funct ...)
	NOT-FOR-US: CCCP Community Clan Portal Pastebin
CVE-2009-1244 (Unspecified vulnerability in the virtual machine display function in V ...)
	NOT-FOR-US: VMware
CVE-2009-1243 (net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocki ...)
	- linux-2.6 <not-affected> (Issue was introduced after 2.6.27 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release)
CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementati ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.30-1
	[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
	- linux-2.6.24 <removed>
CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote attacker ...)
	- clamav 0.95+dfsg-1 (medium; bug #526042)
	[etch] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
	[lenny] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081 ...)
	NOT-FOR-US: IBM Proventia
CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain situ ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in demuxers/ ...)
	- xine-lib 1.1.16.3-1 (medium; bug #522811)
	- vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and ea ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1237 (Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 1 ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1236 (Heap-based buffer overflow in the AppleTalk networking stack in XNU 12 ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1235 (XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does no ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1234 (Opera 9.64 allows remote attackers to cause a denial of service (appli ...)
	NOT-FOR-US: Opera
CVE-2009-1233 (Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to ca ...)
	NOT-FOR-US: Safari on Windows
CVE-2009-1232 (Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attacke ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1231 (Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8. ...)
	NOT-FOR-US: DB2
CVE-2009-1230 (Static code injection vulnerability in index.php in Podcast Generator  ...)
	NOT-FOR-US: Podcast Generator
CVE-2009-1229 (SQL injection vulnerability in Arcadwy Arcade Script allows remote att ...)
	NOT-FOR-US: Arcadwy Arcade Script
CVE-2009-1228 (Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Ar ...)
	NOT-FOR-US: Arcadwy Arcade Script
CVE-2009-1227
	NOT-FOR-US: Check Point
CVE-2009-1226 (core/admin/delete.php in Podcast Generator 1.1 and earlier does not pr ...)
	NOT-FOR-US: Podcast Generator
CVE-2009-1225 (Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook ...)
	NOT-FOR-US: Turnkey Ebook Store
CVE-2009-1224 (SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.p ...)
	NOT-FOR-US: vsp stats processor
CVE-2009-1223 (aspWebCalendar Free Edition stores sensitive information under the web ...)
	NOT-FOR-US: aspWebCalendar Free Edition
CVE-2009-1222 (Directory traversal vulnerability in index.php in webEdition 6.0.0.4 a ...)
	NOT-FOR-US: webEdition
CVE-2009-1221
	RESERVED
CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in Web ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...)
	NOT-FOR-US: Sun Calendar Express Web Server
CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Ex ...)
	NOT-FOR-US: Sun Calendar Express Web Server
CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll in Mic ...)
	NOT-FOR-US: Windows GDI+
CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c i ...)
	NOTE: Duplicate of CVE-2006-4335, confirmed by Microsoft. They're working on
	NOTE: getting it rejected
CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ove ...)
	- screen 4.0.3-13 (low; bug #521123)
	[etch] - screen <not-affected> (etch version predates #433338)
	[lenny] - screen 4.0.3-11+lenny1
CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with  ...)
	- screen 4.0.3-13 (bug #521123)
	[lenny] - screen 4.0.3-11+lenny1
	NOTE: documented behaviour "or the public accessible screen-exchange", see man screen
CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in B ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
	NOTE: should this really be considered minor?  see fedora bug and FSA:
	NOTE: - https://bugzilla.redhat.com/show_bug.cgi?id=494398
	NOTE: - https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html
CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the Precis ...)
	NOT-FOR-US: PrecisionID Datamatrix ActiveX control
CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in  ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remot ...)
	- amaya <removed>
CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other versi ...)
	{DSA-1757-1}
	- auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low)
CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10, and O ...)
	NOT-FOR-US: Solaris
CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI Pro ...)
	NOT-FOR-US: Cafe Access Analyzer CGI Professional
CVE-2009-1205
	REJECTED
CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) CMS/Groupw ...)
	- tikiwiki <removed>
CVE-2009-1203 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with sof ...)
	NOT-FOR-US: Cisco
CVE-2009-1202 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with sof ...)
	NOT-FOR-US: Cisco
CVE-2009-1201 (Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/ ...)
	NOT-FOR-US: Cisco
CVE-2009-1200
	RESERVED
CVE-2009-1199
	RESERVED
CVE-2009-1198 (Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 al ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-1197 (Apache jUDDI before 2.0 allows attackers to spoof entries in log files ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-1196 (The directory-services functionality in the scheduler in CUPS 1.1.17 a ...)
	- cups 1.1.99.b1.r4748-1
	- cupsys <removed>
	[etch] - cupsys 1.1.99.b1.r4748-1
CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not proper ...)
	{DSA-1816-1}
	- apache2 2.2.11-6 (low; bug #530834)
CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in pango/ ...)
	{DSA-1798-1}
	- pango1.0 1.24.0-2 (medium; bug #527474)
CVE-2009-1193
	REJECTED
CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functio ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-4
	- linux-2.6.24 <removed>
CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server  ...)
	- apache2 2.2.11-4 (low)
	[etch] - apache2 <not-affected> (introduced in 2.2.11)
	[lenny] - apache2 <not-affected> (introduced in 2.2.11)
CVE-2009-1190 (Algorithmic complexity vulnerability in the java.util.regex.Pattern.co ...)
	- libspring-2.5-java 2.5.6.SEC01-1
CVE-2009-1189 (The _dbus_validate_signature_with_reason function (dbus-marshal-valida ...)
	{DSA-1837-1}
	- dbus 1.2.14-1 (high; bug #532720)
	NOTE: remote signature spoofing possible, and this was supposed to be
	NOTE: originally fixed with the updates for CVE-2008-3834
CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the SplashBitmap::Sp ...)
	{DSA-2050-1 DSA-2028-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[etch] - poppler <not-affected> (SplashBitmap code not present)
	[lenny] - poppler 0.8.7-3.1
	- xpdf 3.02-2 (bug #575779)
	- kdegraphics 4:4.0
	- swftools 0.9.2+ds1-2
CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before 0.10. ...)
	{DSA-1941-1}
	- poppler 0.10.6-1 (medium; bug #524806)
CVE-2009-1186 (Buffer overflow in the util_path_encode function in udev/lib/libudev-u ...)
	{DSA-1772-1}
	- udev 0.141-1 (medium)
CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates ...)
	{DSA-1772-1}
	- udev 0.141-1 (medium)
CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in security/selinux/ ...)
	{DSA-1809-1 DSA-1800-1}
	- linux-2.6 2.6.29-5
	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earl ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUP ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager  ...)
	NOT-FOR-US: Tivoli
CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in M ...)
	- mapserver 5.2.2-1 (medium; bug #523027)
	[lenny] - mapserver <not-affected> (Vulnerable code not present or covered by 02_CVE-2009-840-CVE-2009-2281.dpatch)
	[etch] - mapserver <not-affected> (Vulnerable code not present or covered by 02_CVE-2009-840-CVE-2009-2281.dpatch)
CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2 ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (low; bug #523027)
	NOTE: covered by 02_CVE-2009-840-CVE-2009-2281.dpatch as well
CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in th ...)
	- banshee <unfixed> (unimportant)
	NOTE: banshee is intended as a desktop music player with no serious
	NOTE: login credentials that an attacker could use remotely
CVE-2009-1174 (The Web Services Security component in IBM WebSphere Application Serve ...)
	NOT-FOR-US: WebSphere
CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak pe ...)
	NOT-FOR-US: WebSphere
CVE-2009-1172 (The JAX-RPC WS-Security runtime in the Web Services Security component ...)
	NOT-FOR-US: WebSphere
CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 bef ...)
	{DSA-1761-1}
	- moodle 1.8.2.dfsg-5 (medium; bug #522116)
	NOTE: this applies only to people who have a complete tex environment and
	NOTE: aren't just using mimetex to render the tex
CVE-2009-1170 (Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 a ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...)
	{DSA-1756-1}
	- xulrunner 1.9.0.8-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-1168 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0( ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-1167 (Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) p ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1166 (The administrative web interface on the Cisco Wireless LAN Controller  ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1165 (Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x be ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1164 (The administrative web interface on the Cisco Wireless LAN Controller  ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1163 (Memory leak on the Cisco Physical Access Gateway with software before  ...)
	NOT-FOR-US: Cisco
CVE-2009-1162 (Cross-site scripting (XSS) vulnerability in the Spam Quarantine login  ...)
	NOT-FOR-US: Cisco IronPort AsyncOS
CVE-2009-1161 (Directory traversal vulnerability in the TFTP service in Cisco CiscoWo ...)
	NOT-FOR-US: CiscoWorks
CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series an ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2009-1153
	REJECTED
CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly othe ...)
	NOT-FOR-US: Siemens router
CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x  ...)
	{DSA-1824-1}
	- phpmyadmin 4:3.1.3.1-1
CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the export page ...)
	{DSA-1824-1}
	- phpmyadmin 4:3.1.3.1-1
CVE-2009-1149 (CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB s ...)
	- phpmyadmin 4:3.1.3.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-1148 (Directory traversal vulnerability in bs_disp_as_mime_type.php in the B ...)
	- phpmyadmin 4:3.1.3.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine Communica ...)
	NOT-FOR-US: VMware
CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware Workstati ...)
	NOT-FOR-US: VMware
CVE-2009-1145
	RESERVED
CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf befo ...)
	- xpdf <not-affected> (Gentoo specific vulnerability in building xpdf)
CVE-2009-1143
	RESERVED
CVE-2009-1142
	RESERVED
CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 20 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP ...)
	NOT-FOR-US: Microsoft
CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft Windo ...)
	NOT-FOR-US: Microsoft
CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 doe ...)
	NOT-FOR-US: Microsoft
CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2009-1136 (The Microsoft Office Web Components Spreadsheet ActiveX control (aka O ...)
	NOT-FOR-US: ActiveX
CVE-2009-1135 (Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold an ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration (ISA) Server
CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Ex ...)
	NOT-FOR-US: Microsoft
CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection (for ...)
	NOT-FOR-US: Microsoft
CVE-2009-1132 (Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95 importer (P ...)
	NOT-FOR-US: Microsoft
CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2009-1127 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1126 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1125 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1124 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1123 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS)  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1121
	RESERVED
CVE-2009-1120 (EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remo ...)
	NOT-FOR-US: EMC
CVE-2009-1119 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 a ...)
	NOT-FOR-US: EMC RepliStor
CVE-2009-1118
	RESERVED
CVE-2009-1117
	RESERVED
CVE-2009-1116
	RESERVED
CVE-2009-1115
	RESERVED
CVE-2009-1114
	RESERVED
CVE-2009-1113
	RESERVED
CVE-2009-1112
	RESERVED
CVE-2009-1111
	RESERVED
CVE-2009-1110
	RESERVED
CVE-2009-1109
	RESERVED
CVE-2009-1108
	RESERVED
CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal functio ...)
	{DSA-1795-1}
	- ldns 1.5.1-1
CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Env ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Env ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Env ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Env ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development K ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE Developmen ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server implementatio ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK)  ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java Run ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Envi ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java Ru ...)
	{DSA-1769-1}
	- sun-java6 6-13-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and Jav ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE Develo ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java  ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1962 (Xfig, possibly 3.2.5, allows local users to read and write arbitrary f ...)
	- xfig 1:3.2.5.a-1
	[etch] - xfig <no-dsa> (Minor issue)
	[lenny] - xfig <no-dsa> (Minor issue)
CVE-2009-1092 (Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX  ...)
	NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX
CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech r ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1090 (Directory traversal vulnerability in upload.php in Rapidleech rev.36 a ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1089 (Absolute path traversal vulnerability in upload.php in Rapidleech rev. ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1088 (Hannon Hill Cascade Server 5.7 and other versions allows remote authen ...)
	NOT-FOR-US: Hannon Hill Cascade Server
CVE-2009-1087 (Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1. ...)
	NOT-FOR-US: PPLive
CVE-2009-1085 (Piwik 0.2.32 and earlier stores sensitive information under the web ro ...)
	- piwik <itp> (bug #506933)
CVE-2009-1084 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not proper ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1083 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX,  ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1082 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote a ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1081 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1080 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1079 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1078 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforc ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1077 (The Change My Password implementation in the admin interface in Sun Ja ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1076 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differ ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1075 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differ ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1074 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SS ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1073 (nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/ns ...)
	{DSA-1758-1}
	- nss-ldapd 0.6.8
CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD c ...)
	{DSA-1800-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allo ...)
	{DSA-1774-1}
	- ejabberd 2.0.5-1 (bug #520852)
	[etch] - ejabberd <not-affected> (Vulnerable expression not present)
CVE-2009-1071 (Stack-based buffer overflow in Icarus 2.0 allows remote attackers to c ...)
	NOT-FOR-US: Icarus
CVE-2009-1070 (Cross-site scripting (XSS) vulnerability in system/index.php in Expres ...)
	NOT-FOR-US: ExpressionEngine
CVE-2009-1069 (Multiple cross-site scripting (XSS) vulnerabilities in the node edit f ...)
	NOT-FOR-US: Drupal module
CVE-2009-1068 (Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Fre ...)
	NOT-FOR-US: BS.Player
CVE-2009-1067 (Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.0 ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1066 (SQL injection vulnerability in the referral function in admin/lib/lib_ ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1065 (SQL injection vulnerability in index.php in Pixie CMS 1.01a allows rem ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1064 (Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit  ...)
	NOT-FOR-US: Orbit Downloader
CVE-2009-1063 (Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers ...)
	NOT-FOR-US: eXeScope
CVE-2009-1062 (Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1  ...)
	NOT-FOR-US: Acrobat Reader
CVE-2009-1061 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 befo ...)
	NOT-FOR-US: Acrobat Reader
CVE-2009-1060 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1059 (Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote ...)
	NOT-FOR-US: Trident PowerZip
CVE-2009-1058 (Stack-based buffer overflow in ZipGenius might allow remote attackers  ...)
	NOT-FOR-US: ZipGenius
CVE-2009-1057 (MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to execu ...)
	NOT-FOR-US: MicroSmarts Enterprise ZipItFast!
CVE-2009-1056 (IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers ...)
	NOT-FOR-US: IBM Rational AppScan Enterprise
CVE-2009-1055 (Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev ...)
	NOT-FOR-US: Sitecore CMS
CVE-2009-1054 (Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through 200 ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2009-1053 (chaozzDB 1.2 and earlier stores sensitive information under the web ro ...)
	NOT-FOR-US: chaozzDB
CVE-2009-1052 (FireAnt 1.3 and earlier stores sensitive information under the web roo ...)
	NOT-FOR-US: FireAnt
CVE-2009-1051 (FubarForum 1.6 and earlier stores sensitive information under the web  ...)
	NOT-FOR-US: FubarForum
CVE-2009-1050 (Bloginator 1A allows remote attackers to bypass authentication and gai ...)
	NOT-FOR-US: Bloginator
CVE-2009-1049 (SQL injection vulnerability in articleCall.php in Bloginator 1A allows ...)
	NOT-FOR-US: Bloginator
CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom 360 ...)
	NOT-FOR-US: snom VoIP phones
CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module  ...)
	NOT-FOR-US: Send by e-mail module for Drupal
CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before 2.6.28 ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1)
CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a d ...)
	- vlc 0.9.9a-1 (unimportant; bug #522170)
	NOTE: access is limited to localhost
CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute  ...)
	{DSA-1756-1}
	- xulrunner 1.9.0.8-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows  ...)
	NOT-FOR-US: Microsoft
CVE-2009-1042 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows re ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...)
	- kfreebsd-7 7.1-3
	[lenny] - kfreebsd-7 7.0-7lenny1
CVE-2009-1040 (Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote a ...)
	NOT-FOR-US: WinAsm
CVE-2009-1039 (Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbi ...)
	NOT-FOR-US: CDex
CVE-2009-1038 (Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote  ...)
	NOT-FOR-US: YAP Blog
CVE-2009-1037 (Unspecified vulnerability in the Send by e-mail module in the "Printer ...)
	NOT-FOR-US: Send by e-mail module for Drupal
CVE-2009-1036 (Cross-site request forgery (CSRF) vulnerability in the Plus 1 module b ...)
	NOT-FOR-US: Plus 1 module for Drupal
CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1. ...)
	NOT-FOR-US: Tasklist module for Drupal
CVE-2009-1034 (SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x- ...)
	NOT-FOR-US: Tasklist module for Drupal
CVE-2009-1033 (SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier al ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-1032 (SQL injection vulnerability in gallery_list.php in YABSoft Advanced Im ...)
	NOT-FOR-US: YABSoft Advanced Image Gallery
CVE-2009-1031 (Directory traversal vulnerability in the FTP server in Rhino Software  ...)
	NOT-FOR-US: FTP Rhino Software Serv-U
CVE-2009-1030 (Cross-site scripting (XSS) vulnerability in the choose_primary_blog fu ...)
	- wordpress-mu 2.9.1-1 (bug #399756)
CVE-2009-1029 (Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows r ...)
	NOT-FOR-US: POP Peeper
CVE-2009-1028 (Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote at ...)
	NOT-FOR-US: ediSys eZip Wizard
CVE-2009-1027 (SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers  ...)
	NOT-FOR-US: OpenCart
CVE-2009-1026 (Multiple SQL injection vulnerabilities in login.php in Kim Websites 1. ...)
	NOT-FOR-US: Kim Websites
CVE-2009-1025 (PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PH ...)
	NOT-FOR-US: Beerwin PHPLinkAdmin
CVE-2009-1024 (Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 all ...)
	NOT-FOR-US: Beerwin PHPLinkAdmin
CVE-2009-1023 (SQL injection vulnerability in index.php in phpComasy 0.9.1 allows rem ...)
	NOT-FOR-US: phpComasy
CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function in Gre ...)
	NOT-FOR-US: Gretech GOMlab GOM Encoder
CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in Ora ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in Oracl ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1018 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1012 (Unspecified vulnerability in the plug-ins for Apache and IIS web serve ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1011 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1010 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1009 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1008 (Unspecified vulnerability in the Outside In Technology component in Or ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1007 (Unspecified vulnerability in the Data Mining component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1006 (Unspecified vulnerability in the JRockit component in BEA Product Suit ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1005 (Unspecified vulnerability in the Oracle Data Service Integrator (AquaL ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1004 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1003 (Unspecified vulnerability in the WebLogic Server component in BEA Prod ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1002 (Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 Gol ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1001 (Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold throu ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1000 (The Oracle Applications Framework component in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0999 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0998 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - eBenefit ...)
	NOT-FOR-US: PeopleSoft Enterprise HRMS
CVE-2009-0997 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0996 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0995 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0994 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0993 (Unspecified vulnerability in the OPMN component in Oracle Application  ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0992 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0991 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0990 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0989 (Unspecified vulnerability in the BI Publisher component in Oracle Appl ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle D ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0984 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0983 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0982 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-0981 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0980 (Unspecified vulnerability in the SQLX Functions component in Oracle Da ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0979 (Unspecified vulnerability in the Resource Manager component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0978 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0977 (Unspecified vulnerability in the Advanced Queuing component in Oracle  ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0976 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0975 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0974 (Unspecified vulnerability in the Portal component in Oracle Applicatio ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0973 (Unspecified vulnerability in the Cluster Ready Services component in O ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0972 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0971 (Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access A ...)
	NOT-FOR-US: futomi's CGI Cafe Access Analyzer CGI Standard Version
CVE-2009-0970 (PHP remote file inclusion vulnerability in includes/class_image.php in ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2009-0969 (Cross-site request forgery (CSRF) vulnerability in account/settings/ac ...)
	NOT-FOR-US: phpFoX
CVE-2009-0968 (SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 f ...)
	NOT-FOR-US: fMoblog plugin for WordPress
CVE-2009-0967 (The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote authent ...)
	NOT-FOR-US: Serv-U
CVE-2009-0966 (PHP remote file inclusion vulnerability in cross.php in YABSoft Mega F ...)
	NOT-FOR-US: YABSoft Mega File Hosting
CVE-2009-0965 (SQL injection vulnerability in functions/browse.php in Ganesha Digital ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2009-0964 (UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passw ...)
	NOT-FOR-US: PHPRunner
CVE-2009-0963 (Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly  ...)
	NOT-FOR-US: PHPRunner
CVE-2009-0962 (Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eComme ...)
	NOT-FOR-US: Futomi's CGI Cafe MP Form Mail CGI eCommerce
CVE-2009-0961 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS  ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0960 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS  ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0959 (The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0958 (Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 thr ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0957 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0956 (Apple QuickTime before 7.6.2 does not properly initialize memory befor ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0955 (Apple QuickTime before 7.6.2 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0954 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0953 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0952 (Buffer overflow in Apple QuickTime before 7.6.2 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0951 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0950 (Stack-based buffer overflow in Apple iTunes before 8.2 allows remote a ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0949 (The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 do ...)
	{DSA-1811-1}
	- cups 1.3.10-1
CVE-2009-0948
	RESERVED
	- file 5.02-1
CVE-2009-0947
	RESERVED
	- file 5.02-1
CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote  ...)
	{DSA-1784-1}
	- freetype 2.3.9-4.1 (medium; bug #524925)
CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...)
	{DSA-1988-1 DSA-1950-1 DSA-1866-1}
	- qt4-x11 4:4.5.2-1 (medium; bug #532718)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- webkit 1.1.5-1 (medium; bug #532724; bug #532725)
	NOTE: http://trac.webkit.org/changeset/43590
	- kde4libs 4:4.3.0-1 (medium; bug #534917)
	[lenny] - kde4libs <not-affected> (khtml doesn't have SVG support)
	NOTE: http://websvn.kde.org/?view=rev&revision=983302
	- kdegraphics 4:4.0 (medium; bug #534918)
	NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series
	NOTE: http://websvn.kde.org/?view=rev&revision=983306
CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X ...)
	NOT-FOR-US: Microsoft Office Spotlight
CVE-2009-0943 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not  ...)
	NOT-FOR-US: Help Viewer in Apple Mac OS X
CVE-2009-0942 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not  ...)
	NOT-FOR-US: Help Viewer in Apple Mac OS X
CVE-2009-0941 (The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Pri ...)
	NOT-FOR-US: HP Embedded Web Server
CVE-2009-0940 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HP E ...)
	NOT-FOR-US: HP Embedded Web Server
CVE-2009-0939 (Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which h ...)
	- tor 0.2.0.34-1
CVE-2009-0938 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirr ...)
	- tor 0.2.0.34-1 (bug #512728)
CVE-2009-0937 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirr ...)
	- tor 0.2.0.34-1 (bug #514580)
CVE-2009-0936 (Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to c ...)
	- tor 0.2.0.34-1
CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6 ...)
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
	[lenny] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
	- linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	- dotclear <not-affected> (Fixed before initial upload to archive)
CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in Hord ...)
	{DSA-1765-1}
	- horde3 3.2.2+debian0-2 (bug #513265; medium)
CVE-2009-0931 (Cross-site scripting (XSS) vulnerability in the tag cloud search scrip ...)
	- horde3 3.2.2+debian0-2 (bug #513265)
	[etch] - horde3 <not-affected> (Vulnerable code not present)
CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP befor ...)
	{DSA-1770-1}
	- imp4 4.2-4 (medium; bug #513266)
CVE-2009-0929 (Directory traversal vulnerability in the media manager in Nucleus CMS  ...)
	NOT-FOR-US: Nucleus CMS
CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Profess ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before ...)
	NOT-FOR-US: Adobe Reader and Adobe Acrobat
CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality in Sun O ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-0925 (Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, an ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0924 (Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, wh ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-0923 (Unspecified vulnerability in Kerberos Incremental Propagation in Solar ...)
	NOT-FOR-US: Solaris
CVE-2009-0922 (PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows rem ...)
	- postgresql-8.3 8.3.7-1 (bug #517405)
	[lenny] - postgresql-8.3 8.3.7-0lenny1
	- postgresql-8.1 <removed>
	- postgresql-7.4 <removed>
	[etch] - postgresql-8.1 8.1.17-0etch1
	[etch] - postgresql-7.4 <no-dsa> (Minor issue)
CVE-2009-0921 (Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenVi ...)
	NOT-FOR-US: HP OpenView
CVE-2009-0920 (Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Networ ...)
	NOT-FOR-US: HP OpenView
CVE-2009-0919 (XAMPP installs multiple packages with insecure default passwords, whic ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0918 (Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0917 (Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1 ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0916 (Unspecified vulnerability in Opera before 9.64 has unknown impact and  ...)
	NOT-FOR-US: Opera
CVE-2009-0915 (Opera before 9.64 allows remote attackers to conduct cross-domain scri ...)
	NOT-FOR-US: Opera
CVE-2009-0914 (Opera before 9.64 allows remote attackers to execute arbitrary code vi ...)
	NOT-FOR-US: Opera
CVE-2009-0913 (Unspecified vulnerability in the keysock kernel module in Solaris 10 a ...)
	NOT-FOR-US: Solaris
CVE-2009-0912 (perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly  ...)
	NOT-FOR-US: perl-MDK-Common
CVE-2009-0911
	RESERVED
CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5 ...)
	NOT-FOR-US: VMware
CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation 6.5 ...)
	NOT-FOR-US: VMware
CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in  ...)
	NOT-FOR-US: VMware
CVE-2009-0907
	REJECTED
CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM WebSpher ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0905 (IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not pr ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM WebS ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Fea ...)
	NOT-FOR-US: WebSphere
CVE-2009-0902
	RESERVED
CVE-2009-0901 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-0900 (Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 befor ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0899 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 th ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV NN ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-0897 (IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 bef ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0896 (Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6. ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0895 (Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-0894 (Heap-based buffer overflow in the decoder_create function in the initi ...)
	- xvidcore <not-affected> (Fixed before initial release)
CVE-2009-0893 (Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the  ...)
	- xvidcore <not-affected> (Fixed before initial release)
CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) 6 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application Serve ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0890
	RESERVED
CVE-2009-0889 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0888 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in libpam/pam_mis ...)
	- pam 1.0.1-10 (low; bug #520115)
	[lenny] - pam 1.0.1-5+lenny1
	[etch] - pam 0.79-5+etch1
CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1 ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow remot ...)
	NOT-FOR-US: Media Commands
CVE-2009-0884 (Buffer overflow in FileZilla Server before 0.9.31 allows remote attack ...)
	NOT-FOR-US: FileZilla Server (only client packaged in debian)
CVE-2009-0883 (SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when ma ...)
	NOT-FOR-US: Blue Eye CMS
CVE-2009-0882 (Multiple SQL injection vulnerabilities in nForum 1.5 allow remote atta ...)
	NOT-FOR-US: nForum
CVE-2009-0881 (SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows  ...)
	NOT-FOR-US: isiAJAX
CVE-2009-0880 (Directory traversal vulnerability in the CIM server in IBM Director be ...)
	NOT-FOR-US: Windows
CVE-2009-0879 (The CIM server in IBM Director before 5.20.3 Service Update 2 on Windo ...)
	NOT-FOR-US: Windows
CVE-2009-0878 (The read_game_map function in src/terrain_translation.cpp in Wesnoth b ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2009-0876 (Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and ...)
	- virtualbox-ose <not-affected> (Vulnerable code not present, Debian version patches localconf)
	[lenny] - virtualbox-ose <not-affected> (lenny version doesn't install binaries with suid 0)
CVE-2009-0875 (Race condition in the Doors subsystem in the kernel in Sun Solaris 8 t ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ker ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0873 (The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv ...)
	NOT-FOR-US: Solaris
CVE-2009-0872 (The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does ...)
	NOT-FOR-US: Solaris
CVE-2009-0871 (The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4 ...)
	- asterisk <not-affected> (Vulnerable code introduced in 1.4.22)
CVE-2009-0870 (The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolar ...)
	NOT-FOR-US: Solaris
CVE-2009-0869 (Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM  ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-0868 (CRLF injection vulnerability in the WebLink template in Fujitsu Jasmin ...)
	NOT-FOR-US: Fujitsu Jasmine2000 Enterprise Edition
CVE-2009-0867 (The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 a ...)
	NOT-FOR-US: Fujitsu Enhanced Support Facility
CVE-2009-0866 (pHNews Alpha 1 stores sensitive information under the web root with in ...)
	NOT-FOR-US: pHNews
CVE-2009-0865 (Directory traversal vulnerability in the SnapShotToFile method in the  ...)
	NOT-FOR-US: GeoVision
CVE-2009-0864 (S-Cms 1.1 Stable allows remote attackers to bypass authentication and  ...)
	NOT-FOR-US: S-Cms
CVE-2009-0863 (SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stab ...)
	NOT-FOR-US: S-Cms
CVE-2009-0862 (Cross-site scripting (XSS) vulnerability in the hook_cntrlr_error_outp ...)
	NOT-FOR-US: TangoCMS
CVE-2009-0861 (Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 all ...)
	NOT-FOR-US: phpDenora
CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in  ...)
	NOT-FOR-US: NetMRI
CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the Lin ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except
	NOTE: for locally modified configs and even for that I fail to
	NOTE: see why anyone would run a kernel w/o CONFIG_SHMEM?
CVE-2009-0858 (The response_addname function in response.c in Daniel J. Bernstein djb ...)
	{DSA-1831-1}
	- djbdns 1:1.05-5 (low; bug #518169; bug #517631)
CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the Perfor ...)
	NOT-FOR-US: SunMC
CVE-2009-0856 (Multiple cross-site scripting (XSS) vulnerabilities in sample applicat ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0855 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0853 (login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows  ...)
	NOT-FOR-US: CelerBB
CVE-2009-0852 (showme.php in CelerBB 0.0.2 allows remote attackers to obtain "reserve ...)
	NOT-FOR-US: CelerBB
CVE-2009-0851 (Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_qu ...)
	NOT-FOR-US: CelerBB
CVE-2009-0850 (Cross-site scripting (XSS) vulnerability in BitDefender Internet Secur ...)
	NOT-FOR-US: BitDefender
CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in NovaStor No ...)
	NOT-FOR-US: NovaNET
CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1  ...)
	- gtk+2.0 <not-affected> (suse specific patch)
CVE-2009-0847 (The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Affected code present, but not exploitable before 1.6.3)
CVE-2009-0846 (The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c i ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
CVE-2009-0845 (The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
CVE-2009-0844 (The get_input_token function in the SPNEGO implementation in MIT Kerbe ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (bug #523027)
	NOTE: this can only probe for files that are not present, useless when not
	NOTE: in combination with another attack
CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows rem ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (bug #523027)
	NOTE: this doesn't work under linux as the root from the directory traversal needs to exist
CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c  ...)
	{DSA-1914-1}
	- mapserver 5.4.2-1 (medium; bug #523027)
	NOTE: Initial fix was incomplete
CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x b ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv ...)
	NOT-FOR-US: Solaris
CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, inc ...)
	NOT-FOR-US: Foxit Reader
CVE-2009-0836 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, includin ...)
	NOT-FOR-US: Foxit Reader
CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a logi ...)
	- dash <not-affected> (Debian uses upstream's patch to implement -l)
CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp sub ...)
	{DSA-1800-1}
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18)
	- linux-2.6.24 <removed>
	[etch] - linux-2.6.24 <no-dsa> (unimportant)
	NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earl ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 f ...)
	NOT-FOR-US: Winamp
CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-0831 (SQL injection vulnerability in members.php in the Members CV (job) mod ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-0830 (Cross-site scripting (XSS) vulnerability in QuoteBook allows remote at ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0829 (Multiple SQL injection vulnerabilities in QuoteBook allow remote attac ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0828 (QuoteBook stores quotes.inc under the web root with insufficient acces ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0827 (PollHelper stores poll.inc under the web root with insufficient access ...)
	NOT-FOR-US: PollHelper
CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with insufficient a ...)
	NOT-FOR-US: BlogHelper
CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3 ...)
	NOT-FOR-US: TinX/cms
CVE-2009-0824 (Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in Sl ...)
	NOT-FOR-US: Elaborate Bytes ElbyCDIO.sys
CVE-2009-0823
	RESERVED
CVE-2009-0822
	RESERVED
CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause  ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser DoS not treated as security issues
CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
	NOT-FOR-US: phpScheduleIt
CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 a ...)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5)
	- mysql-5.1 5.1.32-1
CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_t ...)
	NOT-FOR-US: Taxonomy Theme module for Drupal
CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module  ...)
	NOT-FOR-US: Protected Node module for Drupal
CVE-2009-0816 (Multiple cross-site scripting (XSS) vulnerabilities in the backend use ...)
	{DTSA-193-1}
	- typo3-src 4.2.6-1 (low; bug #514713)
	[etch] - typo3-src 4.0.2+debian-8
CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8 ...)
	{DTSA-193-1}
	- typo3-src 4.2.6-1 (medium; bug #514713)
	[etch] - typo3-src 4.0.2+debian-8
CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 ...)
	NOT-FOR-US: Blogsa
CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX control (Im ...)
	NOT-FOR-US: ActiveX
CVE-2009-0812 (Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23,  ...)
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2009-0811 (Insecure method vulnerability in the SopCast SopCore ActiveX control i ...)
	NOT-FOR-US: ActiveX
CVE-2009-0810 (SQL injection vulnerability in login.php in xGuestbook 2.0 allows remo ...)
	NOT-FOR-US: xGuestbook
CVE-2009-0809 (The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release  ...)
	NOT-FOR-US: Dassault Systemes ENOVIA SmarTeam
CVE-2009-0808 (Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allo ...)
	NOT-FOR-US: SimpleCMMS
CVE-2009-0807 (zFeeder 1.6 allows remote attackers to gain administrative access via  ...)
	NOT-FOR-US: zFeeder
CVE-2009-0806 (Unspecified vulnerability in OpenGoo before 1.2.1 allows remote authen ...)
	NOT-FOR-US: OpenGoo
CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a ...)
	NOT-FOR-US: piCal
CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...)
	- ziproxy 2.7.2-1 (low; bug #521051)
	[lenny] - ziproxy <no-dsa> (Minor issue)
CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, NetworkGuar ...)
	NOT-FOR-US: SmoothWall
CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the  ...)
	NOT-FOR-US: Qbik WinGate
CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP Ho ...)
	- squid 4.1-1 (unimportant; bug #521053)
	- squid3 3.3.3-1 (unimportant; bug #521052)
	NOTE: This only affects HTTP connections and only in transparent mode
	NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless
	NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cau ...)
	{DSA-1786-1}
	- acpid 1.0.10-1 (medium)
CVE-2009-0797
	REJECTED
CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Statu ...)
	- libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
	[lenny] - libapache2-mod-perl2 2.0.4-5+lenny1
	- apache <removed>
	[etch] - apache <no-dsa> (minor issue)
CVE-2009-0795
	REJECTED
CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in src/java/org/cl ...)
	- openjdk-6 6b16-1
	[lenny] - openjdk-6 <not-affected> (no PulseAudio support included)
CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...)
	{DSA-1769-1}
	- openjdk-6 6b16-1
	- lcms 1.18.dfsg-1.1 (low; bug #530785)
	[lenny] - lcms <no-dsa> (Minor issue)
	[etch] - lcms <no-dsa> (Minor issue)
CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color Consort ...)
	{DSA-2080-1 DTSA-198-1}
	- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
	- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as use ...)
	- cupsys <removed> (medium; bug #535488)
	- cups 1.3.10-1 (medium; bug #535489)
	[etch] - cupsys <not-affected> (pdftops source included, but not built)
	[lenny] - cups <not-affected> (pdftops source included, but not built)
CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.2 ...)
	{DSA-1760-1 DSA-1759-1}
	- openswan 1:2.6.21+dfsg-1 (medium; bug #521949)
	- strongswan 4.2.14-1 (medium; bug #521950)
CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does not pr ...)
	- openssl <not-affected> (only non-Debian architectures affected)
CVE-2009-0788 (Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly r ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs funct ...)
	- linux-2.6 2.6.29-1 (medium; bug #529326)
	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2009-0786
	REJECTED
CVE-2009-0785
	RESERVED
CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.2009031 ...)
	{DSA-1755-1}
	- systemtap 0.0.20090314-2
	[etch] - systemtap <not-affected> (vulnerable code not present)
CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ...)
	{DSA-2207-1}
	- tomcat5.5 <removed> (low; bug #532366)
	- tomcat6 6.0.20-1 (low; bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (low; bug #532363)
CVE-2009-0782
	REJECTED
CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ca ...)
	{DSA-2207-1}
	- tomcat5.5 <removed> (unimportant; bug #532366)
	- tomcat6 6.0.20-1 (unimportant; bug #532362)
	- tomcat5 <removed> (unimportant; bug #532363)
	NOTE: Just examples on how to use Tomcat, not for production
CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and 4 ...)
	NOT-FOR-US: openbsd
CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users t ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0778 (The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2 ...)
	- linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonk ...)
	- iceweasel 3.0.7-1 (low; bug #576466)
	[lenny] - iceweasel <no-dsa> (minor issue)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0. ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...)
	{DSA-1751-1}
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird bef ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before  ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: QIP
CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier a ...)
	NOT-FOR-US: YapBB
CVE-2009-0767 (Kipper 2.01 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: Kipper
CVE-2009-0766 (Directory traversal vulnerability in default.php in Kipper 2.01 allows ...)
	NOT-FOR-US: Kipper
CVE-2009-0765 (Directory traversal vulnerability in index.php in Kipper 2.01 allows r ...)
	NOT-FOR-US: Kipper
CVE-2009-0764 (Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 all ...)
	NOT-FOR-US: Kipper
CVE-2009-0763 (Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 ...)
	NOT-FOR-US: Kipper
CVE-2009-0762 (Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment a ...)
	NOT-FOR-US: ScriptsEz Ez PHP Comment
CVE-2009-0761 (Cross-site scripting (XSS) vulnerability in online.asp in Team Board 1 ...)
	NOT-FOR-US: Team Board
CVE-2009-0760 (Team Board 1.x and 2.x stores sensitive information under the web root ...)
	NOT-FOR-US: Team Board
CVE-2009-0759 (Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.06 ...)
	{DSA-1735-1}
	- znc 0.066-1 (bug #516950)
CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in avahi-core ...)
	{DSA-2086-1}
	- avahi 0.6.24-3 (low; bug #517683)
	[etch] - avahi <no-dsa> (Minor issue)
	NOTE: reflector is off by default
CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent at ...)
	- mpfr 2.4.0-5 (low; bug #527475)
	[lenny] - mpfr <not-affected> (Vulnerable code not yet present)
	[etch] - mpfr <not-affected> (Vulnerable code not yet present)
CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 a ...)
	- poppler 0.10.6-1 (low; bug #518478)
	[lenny] - poppler 0.8.7-2
	[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
	NOTE: poppler in lenny fixed in batch of CVEs pushed out in 5.0.2 release
CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 a ...)
	{DSA-1941-1}
	- poppler 0.10.6-1 (low; bug #518478)
	[lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
	[etch] - poppler <not-affected> (vulnerable code not present; forms introduced after 0.4.5)
CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows l ...)
	{DSA-1789-1}
	- php4 <removed> (low)
	- php5 5.2.9.dfsg.1-2 (low; bug #523049)
CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution 4 ...)
	- movabletype-opensource <not-affected> (bug #518469)
	NOTE: http://www.sixapart.com/pipermail/mtos-dev/2009-March/002677.html
CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service  ...)
	{DSA-1740-1}
	- yaws 1.80-1
CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script  ...)
	NOT-FOR-US: txtSQL
CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2. ...)
	{DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 b ...)
	{DSA-1749-1}
	- linux-2.6 2.6.28-2 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2 ...)
	{DSA-1749-1}
	- linux-2.6 2.6.28-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2. ...)
	{DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple Safari
CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in t ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing
CVE-2009-0742 (The username command in Cisco ACE Application Control Engine Module fo ...)
	NOT-FOR-US: Cisco
CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a den ...)
	{DSA-1728-1}
	- dkim-milter 2.6.0.dfsg-2 (low)
	[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in l ...)
	- optipng 0.6.2.1-1 (low)
	[etch] - optipng 0.5.5-2
	[lenny] - optipng 0.6.1.1-2
CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home ...)
	NOT-FOR-US: Craft Silicon Banking@Home
CVE-2009-0740 (SQL injection vulnerability in login.php in BlueBird Prelease allows r ...)
	NOT-FOR-US: BlueBird Prelease
CVE-2009-0739 (SQL injection vulnerability in login.php in MyNews 0.10 allows remote  ...)
	NOT-FOR-US: MyNews
CVE-2009-0738 (SQL injection vulnerability in login.php in Auth Php 1.0 allows remote ...)
	NOT-FOR-US: Auth Php
CVE-2009-0736 (Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows ...)
	NOT-FOR-US: Pebble
CVE-2009-0735 (Directory traversal vulnerability in lib/classes/message_class.php in  ...)
	NOT-FOR-US: Papoo CMS
CVE-2009-0734 (Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia ...)
	NOT-FOR-US: MultimediaPlayer.exe
CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function  ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
	- openjdk-6 6b18-1.8.13-0+squeeze2
	NOTE: Marking the current oldstable version as fixed, but likely fixed way earlier
CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with insufficien ...)
	NOT-FOR-US: Downloadcenter
CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free Arcade Scr ...)
	NOT-FOR-US: Free Arcade Script
CVE-2009-0730 (Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) ...)
	NOT-FOR-US: GigCalendar
CVE-2009-0729 (Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Ba ...)
	NOT-FOR-US: Page Engine CMS
CVE-2009-0728 (SQL injection vulnerability in the My_eGallery module for MAXdev MDPro ...)
	NOT-FOR-US: MAXdev MDPro/Postnuke
CVE-2009-0727 (SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and ear ...)
	NOT-FOR-US: taifajobs
CVE-2009-0726 (SQL injection vulnerability in the GigCalendar (com_gigcal) component  ...)
	NOT-FOR-US: Joomla!
CVE-2009-0725
	RESERVED
CVE-2009-0724
	RESERVED
CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1 ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
	- openjdk-6 6b18-1.8.13-0+squeeze2
	NOTE: Marking the current oldstable version as fixed, but likely fixed way earlier
CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News 1.0.0 al ...)
	NOT-FOR-US: Potato News
CVE-2009-0721 (Unspecified vulnerability in Easy Login in the Sender module in HP Rem ...)
	NOT-FOR-US: HP Remote Graphics
CVE-2009-0720 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and ...)
	NOT-FOR-US: HP-UX
CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0717 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0716 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 befor ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0715 (Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6 ...)
	NOT-FOR-US: HP Storage Essentials
CVE-2009-0714 (Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dp ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...)
	NOT-FOR-US: WMI Mapper
CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...)
	NOT-FOR-US: WMI Mapper
CVE-2009-0711 (filter.php in PHPFootball 1.6 and earlier allows remote attackers to r ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0710 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0709 (SQL injection vulnerability in login.php in PHPFootball 1.6 allows rem ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0708 (Multiple cross-site request forgery (CSRF) vulnerabilities in Semantic ...)
	NOT-FOR-US: SemanticScuttle
CVE-2009-0707 (SQL injection vulnerability in admin/index.php in PowerClan 1.14a allo ...)
	NOT-FOR-US: PowerClan
CVE-2009-0706 (SQL injection vulnerability in the Simple Review (com_simple_review) c ...)
	NOT-FOR-US: Joomla!
CVE-2009-0705 (SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5. ...)
	NOT-FOR-US: PowerScripts PowerNews
CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allows rem ...)
	NOT-FOR-US: WSN Guest
CVE-2009-0703 (SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 a ...)
	NOT-FOR-US: ASPThai.Net Webboard
CVE-2009-0702 (SQL injection vulnerability in the Phoca Documentation (com_phocadocum ...)
	NOT-FOR-US: Joomla!
CVE-2009-0701 (Multiple PHP remote file inclusion vulnerabilities in index.php in Cyb ...)
	NOT-FOR-US: Cybershade
CVE-2009-0700 (Plunet BusinessManager 4.1 and earlier allows remote authenticated use ...)
	NOT-FOR-US: Plunet BusinessManager
CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemei ...)
	NOT-FOR-US: Plunet BusinessManager
CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...)
	- xine-lib 1.1.16.2-1 (bug #517792; bug #523475; medium)
	- vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-0697
	RESERVED
CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 befo ...)
	{DSA-1847-1}
	- bind9 1:9.6.1.dfsg.P1-1 (bug #538975; high)
	NOTE: See also http://www.kb.cert.org/vuls/id/725188
CVE-2009-0695 (hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require authent ...)
	NOT-FOR-US: Wyse Device Manager not in Debian
CVE-2009-0694
	RESERVED
CVE-2009-0693 (Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow rem ...)
	NOT-FOR-US: Wyse Device Manager not in Debian
CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in clien ...)
	{DSA-1833-2 DSA-1833-1}
	- dhcp3 3.1.2p1-1 (medium)
	NOTE: dhcp in etch is not affected.
CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit  ...)
	NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit  ...)
	NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa. ...)
	{DSA-1998-1 DSA-1931-1 DLA-1564-1 DLA-376-1}
	- nspr 4.8-2
	[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	- kdelibs 4:3.5.10.dfsg.1-3 (medium; bug #559265)
	- kde4libs 4:4.3.4-1 (medium; bug #559266)
	[lenny] - kde4libs <no-dsa> (Only uses by a few packages in Lenny, hardly any attack vector)
	- mono 4.2.1.102+dfsg2-4
	[wheezy] - mono <no-dsa> (Minor issue)
	NOTE: http://www.mono-project.com/docs/about-mono/vulnerabilities/
	NOTE: https://gist.github.com/directhex/01e853567fd2cc74ed39
CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23  ...)
	{DSA-1807-1 DTSA-200-1 DTSA-201-1}
	- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
	- cyrus-sasl2-heimdal 2.1.23.dfsg1-1
	NOTE: VU#238019
CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used in Op ...)
	NOT-FOR-US: OpenBSD Packet Filter
CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in T ...)
	NOT-FOR-US: Trend Micro Internet Pro
CVE-2009-0685
	RESERVED
CVE-2009-0684
	RESERVED
CVE-2009-0683
	RESERVED
CVE-2009-0682 (vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0 ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2009-0681 (PGP Desktop before 9.10 allows local users to (1) cause a denial of se ...)
	NOT-FOR-US: PGP Desktop
CVE-2009-0680 (cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows ...)
	NOT-FOR-US: Netgear
CVE-2009-0679 (Cross-site scripting (XSS) vulnerability in the Your Account module in ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0678 (images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0677 (avatarlist.php in the Your Account module, reached through modules.php ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel be ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Original fix was incomplete/risky, see:
	NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
	NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
	NOTE: lacks initializer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kern ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when register ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0673 (Eval injection vulnerability in the Custom Fields feature in the Your  ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0672 (SQL injection vulnerability in the Resend_Email module in Raven Web Se ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0671
	REJECTED
CVE-2009-0670
	RESERVED
CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise ...)
	{DSA-2234-1 DSA-1863-1}
	- zope3 <removed> (bug #540462)
	- zope2.11 2.11.4-1 (bug #540463)
	- zope2.10 2.10.9-1 (bug #540464)
	- zope2.9 <removed>
	- zodb 1:3.8.2-1 (bug #540465)
CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, ...)
	{DSA-2234-1 DSA-1863-1}
	- zope3 <removed> (medium; bug #540462)
	- zope2.11 2.11.4-1 (medium; bug #540463)
	- zope2.10 2.10.9-1 (medium; bug #540464)
	- zope2.9 <removed>
	- zodb 1:3.8.2-1 (medium; bug #540465)
CVE-2009-0667 (Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventor ...)
	{DSA-1828-1}
	- ocsinventory-agent 1:0.0.9.2repack1-5 (medium; bug #506416)
CVE-2009-0666
	RESERVED
CVE-2009-0665
	RESERVED
CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x be ...)
	{DSA-1778-1}
	- mahara 1.1.3-1 (low)
CVE-2009-0663 (Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-per ...)
	{DSA-1780-1}
	- libdbd-pg-perl 2.1.3-1
CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product  ...)
	- plone3 <removed> (medium; bug #525943)
CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attack ...)
	{DSA-1744-1}
	- weechat 0.2.6.1-1 (medium; bug #519940)
	[etch] - weechat <not-affected> (vulnerable code not present)
CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 befo ...)
	{DSA-1736-1}
	- mahara 1.1.2-1 (low)
CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
	NOT-FOR-US: TPTEST
CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and e ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0657 (Toshiba Face Recognition 2.0.2.32 allows physically proximate attacker ...)
	NOT-FOR-US: Toshiba Face Recognition
CVE-2009-0656 (Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypa ...)
	NOT-FOR-US: Asus SmartLogon
CVE-2009-0655 (Lenovo Veriface III allows physically proximate attackers to login to  ...)
	NOT-FOR-US: Lenovo Veriface
CVE-2009-0654 (Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attacke ...)
	- tor <unfixed> (unimportant)
	NOTE: attacker already controls entry and exit node at this stage
CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an  ...)
	- openssl 0.9.8-1 (bug #517791)
CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox  ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
	NOT-FOR-US: Veritas network daemon
CVE-2009-0650 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
	NOT-FOR-US: TPTEST
CVE-2009-0649 (The web browser in Symbian OS on the Nokia N95 cell phone allows remot ...)
	NOT-FOR-US: Symbian OS
CVE-2009-XXXX [thunar: potential exploits via application launchers]
	- thunar <unfixed> (bug #517020; unimportant)
	NOTE: Minor impact, any attack would still require a significant amount of social engineering
CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally exploitable security flaw]
	- sysvinit <unfixed> (bug #517018; unimportant)
	NOTE: hardly a security issue, if an attacker has local access to the machine and you
	NOTE: don't use encryption or something similar you have lost anyway
	NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you
	NOTE: have local access to the machine. it is worth it to make it as difficult as
	NOTE: possible without impacting authorized users. otherwise, why spend so much effort
	NOTE: to make sure xscreensaver, gdm, and login are rock solid?
	NOTE: - i would like to track as low, rather than unimportant
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7  ...)
	{DSA-1739-1}
	- mldonkey 3.0.0-1 (bug #516829; medium)
	[etch] - mldonkey <not-affected> (vulnerable code not present)
	NOTE: daemon is run as non-root and can only be exploited via localhost
CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: Falt4 CMS
CVE-2009-0647 (msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206,  ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2009-0646 (Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier al ...)
	NOT-FOR-US: 4Site CMS
CVE-2009-0645 (Directory traversal vulnerability in index.php in Jaws 0.8.8 allows re ...)
	NOT-FOR-US: Jaws
CVE-2009-0644 (The HTTP interface in Swann DVR4-SecuraNet has a certain default admin ...)
	NOT-FOR-US: Swann DVR4-SecuraNet
CVE-2009-0643 (Static code injection vulnerability in post.php in Simple PHP News 1.0 ...)
	NOT-FOR-US: Simple PHP News
CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check th ...)
	{DSA-1860-1}
	- ruby1.9 1.9.0.5-1 (bug #513528)
	- ruby1.8 1.8.7.72-3.1 (medium; bug #517639; bug #522939)
CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions de ...)
	NOT-FOR-US: FreeBSD telnetd (apparently there's some common code base in netkit-telnet, but it's not affected)
CVE-2009-0640 (Directory traversal vulnerability in the administrative web server in  ...)
	NOT-FOR-US: Swann DVR4-SecuraNet
CVE-2009-0639 (PHP remote file inclusion vulnerability in moduli/libri/index.php in p ...)
	NOT-FOR-US: phpyabs
CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Acc ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voi ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulati ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) implementa ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversa ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configu ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway  ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka ST ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allow ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0627 (Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when run ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attack ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine Modu ...)
	NOT-FOR-US: Cisco
CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE A ...)
	NOT-FOR-US: Cisco
CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine Modu ...)
	NOT-FOR-US: Cisco
CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine Modu ...)
	NOT-FOR-US: Cisco
CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses ...)
	NOT-FOR-US: Cisco
CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...)
	NOT-FOR-US: Cisco
CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) befor ...)
	NOT-FOR-US: Cisco
CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application Netwo ...)
	NOT-FOR-US: Cisco
CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default M ...)
	NOT-FOR-US: Cisco
CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default use ...)
	NOT-FOR-US: Cisco
CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking Mana ...)
	NOT-FOR-US: Cisco
CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified MeetingPl ...)
	NOT-FOR-US: Cisco
CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237  ...)
	NOT-FOR-US: Trend Micro
CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and I ...)
	NOT-FOR-US: Trend Micro
CVE-2009-0611 (Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminS ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2009-0610 (Multiple static code injection vulnerabilities in post.php in Simple P ...)
	NOT-FOR-US: Simple PHP News
CVE-2009-0609 (Sun Java System Directory Proxy Server in Sun Java System Directory Se ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-0608 (Integer overflow in the showLog function in fake_log_device.c in liblo ...)
	NOT-FOR-US: Android
CVE-2009-0607 (Multiple integer overflows in malloc_leak.c in Bionic in Open Handset  ...)
	NOT-FOR-US: Android
CVE-2009-0606 (The link_image function in linker/linker.c in the dynamic linker in Bi ...)
	NOT-FOR-US: Android
CVE-2009-0605 (Stack consumption vulnerability in the do_page_fault function in arch/ ...)
	- linux-2.6 <not-affected> (CONFIG_KPROBES is not enabled)
	- linux-2.6.24 <not-affected> (CONFIG_KPROBES is not enabled)
CVE-2009-0604 (SQL injection vulnerability in index.php in PHP Director 0.21 and earl ...)
	NOT-FOR-US: PHP Director
CVE-2009-0603 (Cross-site scripting (XSS) vulnerability in index.php in the Link modu ...)
	NOT-FOR-US: Link drupal module
CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi ...)
	NOT-FOR-US: WikkiTikkiTavi
CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-W ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.8)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers t ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0 ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 al ...)
	NOT-FOR-US: PhpMesFilms
CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b>cms (aka w3bl ...)
	NOT-FOR-US: w3b>cms
CVE-2009-0596 (Directory traversal vulnerability in skysilver/login.tpl.php in phpSke ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0595 (PHP remote file inclusion vulnerability in skysilver/login.tpl.php in  ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0594 (Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1 ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0593 (SQL injection vulnerability in members.php in plx Auto Reminder 3.7 al ...)
	NOT-FOR-US: plx Auto Reminder
CVE-2009-0592 (Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and earl ...)
	NOT-FOR-US: PNphpBB2
CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is  ...)
	- openssl <not-affected> (vulnerable versions not uploaded to Debian)
CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remo ...)
	{DSA-1763-1}
	- openssl 0.9.8g-16 (low; bug #522002)
CVE-2009-0589
	REJECTED
CVE-2009-0588 (agent/request/op.cgi in the Registration Authority (RA) component in R ...)
	NOT-FOR-US: Registration Authority (RA) component in Red Hat Certificate System (RHCS)
CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka evolution-dat ...)
	{DSA-1813-1}
	- evolution-data-server 2.22.3-1 (medium)
	NOTE: this version doesn't fix the overflows but uses the glib functions for decoding instead
CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs ...)
	- gst-plugins-base0.10 0.10.22-4
	[lenny] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present)
	[etch] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present)
CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in  ...)
	{DSA-1748-1}
	- libsoup 2.2.105-4 (medium; bug #520039)
CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library (aka  ...)
	{DSA-1746-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
	- argyll 1.0.3-2 (bug #522448)
	- gs-gpl <removed> (medium)
	- gs-esp <removed>
CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color Consort ...)
	{DSA-1746-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
	- argyll 1.0.3-2 (bug #522448)
	- gs-gpl <removed> (medium)
	- gs-esp <removed>
CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism  ...)
	{DSA-1813-1}
	- evolution-data-server 2.26.1.1-1
CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as us ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ...)
	{DSA-2207-1}
	- tomcat6 6.0.20-1 (low; bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (low; bug #532363)
	- tomcat5.5 <removed> (low; bug #532366)
CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age (MIND ...)
	- pam 1.0.1-10 (unimportant; bug #514437)
	NOTE: the ability to change a password earlier than scheduled is not a security
	NOTE: vulnerability in itself (unless the user changes their password back to
	NOTE: their previous password; thus violating the security policy as defined by
	NOTE: the administrator)
CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify privileg ...)
	- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
	[lenny] - network-manager-applet <not-affected> (Bug affected the 0.7.x series)
CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS 1.1.1 ...)
	NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640
CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 a ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2009-0575 (Cross-site scripting (XSS) vulnerability in the theme_views_bulk_opera ...)
	NOT-FOR-US: Views Bulk Operations
CVE-2009-0574 (SQL injection vulnerability in index.php in Easy CafeEngine allows rem ...)
	NOT-FOR-US: Easy CafeEngine
CVE-2009-0573 (Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Bu ...)
	NOT-FOR-US: FotoWeb
CVE-2009-0572 (PHP remote file inclusion vulnerability in include/flatnux.php in Flat ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2009-0571 (admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillis ...)
	NOT-FOR-US: Ninja Designs Mailist
CVE-2009-0570 (Directory traversal vulnerability in send.php in Ninja Designs Mailist ...)
	NOT-FOR-US: Ninja Designs Mailist
CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows rem ...)
	NOT-FOR-US: Becky! Internet Mail
CVE-2009-0568 (The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0567
	REJECTED
CVE-2009-0566 (Microsoft Office Publisher 2007 SP1 does not properly calculate object ...)
	NOT-FOR-US: Microsoft Office Publisher
CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0564
	RESERVED
CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP SP3,  ...)
	NOT-FOR-US: ActiveX
CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, an ...)
	NOT-FOR-US: Microsoft
CVE-2009-0559 (Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0558 (Array index error in Excel in Microsoft Office 2000 SP3 and Office 200 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0557 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, an ...)
	NOT-FOR-US: Microsoft
CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and Powe ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0552 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 S ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0551 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3,  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0549 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, an ...)
	NOT-FOR-US: Microsoft
CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report Sett ...)
	NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator
CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-ma ...)
	{DSA-1813-1}
	- evolution-data-server 2.24.5-2 (low; bug #508479)
CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier all ...)
	NOT-FOR-US: NewsGator FeedDemon
CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote atta ...)
	NOT-FOR-US: ZeroShell
CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attack ...)
	{DSA-1726-1}
	- python-crypto 2.0.1+dfsg1-3 (bug #516660)
CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote attacker ...)
	{DSA-1730-1 DSA-1727-1}
	- proftpd-dfsg 1.3.2-1 (medium; bug #516388)
	[etch] - proftpd-dfsg <not-affected> (etch version not affected)
	[lenny] - proftpd-dfsg 1.3.1-17lenny2
CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 a ...)
	{DSA-1730-1 DSA-1727-1}
	- proftpd-dfsg 1.3.2-1 (medium; bug #516388)
	[etch] - proftpd-dfsg <not-affected> (etch version not affected)
	[lenny] - proftpd-dfsg 1.3.1-17lenny2
CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 a ...)
	NOT-FOR-US: Magento
CVE-2009-0540 (Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possib ...)
	NOT-FOR-US: Libero
CVE-2009-0539
	RESERVED
CVE-2009-0538 (Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 all ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in (1) Ope ...)
	- glibc <not-affected> (Vulnerable code not present)
	NOTE: glibc checks the complete path length being not longer than USHRT_MAX
	NOTE: and closes the directory path + free of structures in case, io/fts.c line 727
CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 th ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 and earli ...)
	NOT-FOR-US: Thyme
CVE-2009-0534 (SQL injection vulnerability in FlexCMS allows remote attackers to exec ...)
	NOT-FOR-US: FlexCMS
CVE-2009-0533 (Cross-site scripting (XSS) vulnerability in password.php in Scripts fo ...)
	NOT-FOR-US: Sites EZ Reminder
CVE-2009-0532 (Cross-site scripting (XSS) vulnerability in password.php in Scripts Fo ...)
	NOT-FOR-US: Scripts For Sites (SFS) EZ Baby
CVE-2009-0531 (SQL injection vulnerability in gallery/view.asp in A Better Member-Bas ...)
	NOT-FOR-US: A Better Member-Based ASP Photo Gallery
CVE-2009-0530 (Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2. ...)
	NOT-FOR-US: SnippetMaster
CVE-2009-0529 (Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster ...)
	NOT-FOR-US: SnippetMaster
CVE-2009-0528 (SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and ea ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2009-0527 (PHP remote file inclusion vulnerability in plugins/rss_importer_functi ...)
	NOT-FOR-US: AdaptCMS
CVE-2009-0526 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Ad ...)
	NOT-FOR-US: AdaptCMS
CVE-2009-0525 (Cross-site scripting (XSS) vulnerability in the sajax_get_common_js fu ...)
	NOT-FOR-US: Sajax
CVE-2009-XXXX [nautilus: potential exploits via application launchers]
	- nautilus 2.26.2-1 (low; bug #515104)
	[lenny] - nautilus <no-dsa> (Minor issue)
	[etch] - nautilus <no-dsa> (Minor issue)
	NOTE: need to submit a request for CVE id
CVE-2009-XXXX [konqueror: potential exploits via application launchers]
	- kdebase <unfixed> (unimportant; bug #515106)
	NOTE: Minor impact, any attack would still require a significant amount of social engineering
CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based i ...)
	{DSA-1901-1}
	- mediawiki 1:1.14.0-1 (low; bug #514547)
	- mediawiki1.7 <removed>
	[lenny] - mediawiki 1:1.12.0-2lenny3
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, an ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 an ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before 9 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 doe ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...)
	NOT-FOR-US: VMware
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earl ...)
	NOT-FOR-US: phpSlash
CVE-2009-0516 (SQL injection vulnerability in the classified page (classified.php) in ...)
	NOT-FOR-US: BusinessSpace
CVE-2009-0515 (Directory traversal vulnerability in check_lang.php in Yet Another NOC ...)
	NOT-FOR-US: YANOCC
CVE-2009-0514 (Multiple directory traversal vulnerabilities in WebFrame 0.76 allow re ...)
	NOT-FOR-US: WebFrame
CVE-2009-0513 (Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 al ...)
	NOT-FOR-US: WebFrame
CVE-2009-0512 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0511 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0510 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0509 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0508 (The Servlet Engine/Web Container and JSP components in IBM WebSphere A ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for  ...)
	NOT-FOR-US: IBM TXSeries
CVE-2009-0504 (WSPolicy in the Web Services component in IBM WebSphere Application Se ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0503 (IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database co ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php ...)
	{DSA-1724-1}
	- moodle 1.8.2.dfsg-3 (low)
	NOTE: MSA-09-0004
CVE-2009-0501 (Unspecified vulnerability in the Calendar export feature in Moodle 1.8 ...)
	{DTSA-195-1}
	- moodle 1.8.2.dfsg-4 (low)
	[etch] - moodle <not-affected> (Vulnerable code not present)
CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1 ...)
	{DSA-1724-1 DTSA-195-1}
	- moodle 1.8.2.dfsg-3 (low)
CVE-2009-0499 (Cross-site request forgery (CSRF) vulnerability in the forum code in M ...)
	- moodle 1.8.2.dfsg-3 (low)
	[etch] - moodle <not-affected> (Vulnerable code not present)
CVE-2009-0498 (Virtual GuestBook (vgbook) 2.1 stores sensitive information under the  ...)
	NOT-FOR-US: Virtual GuestBook
CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime Openfi ...)
	NOT-FOR-US: Openfire
CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...)
	NOT-FOR-US: Openfire
CVE-2009-0495 (PHP remote file inclusion vulnerability in include/define.php in REALT ...)
	NOT-FOR-US: REALTOR
CVE-2009-0494 (SQL injection vulnerability in the Portfol (com_portfol) 1.2 component ...)
	NOT-FOR-US: Joomla!
CVE-2009-0493 (SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier al ...)
	NOT-FOR-US: IT CMS
CVE-2009-0492 (Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknow ...)
	NOT-FOR-US: SimpleIrcBot
CVE-2009-0491 (Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081 ...)
	NOT-FOR-US: Elecard MPEG Player
CVE-2009-0488 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allow ...)
	NOT-FOR-US: Phorum
CVE-2009-0486 (Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls t ...)
	- bugzilla 3.2.4.0-1 (bug #514143)
	[etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
	[lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2. ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0483 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 befor ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0482 (Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0481 (Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3. ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0480 (The IP implementation in Sun Solaris 8 through 10, and OpenSolaris bef ...)
	NOT-FOR-US: Solaris
CVE-2009-0489 (The DBus configuration file for Wicd before 1.5.9 allows arbitrary use ...)
	- wicd 1.5.9-1
CVE-2009-0479 (Multiple SQL injection vulnerabilities in admin/admin_login.php in Onl ...)
	NOT-FOR-US: Online Grades
CVE-2009-0477 (Unspecified vulnerability in the process (aka proc) filesystem in Sun  ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0  ...)
	NOT-FOR-US: MultiMedia Soft audio components
CVE-2009-0475 (Integer underflow in the Huffman decoding functionality (pvmp3_huffman ...)
	NOT-FOR-US: OpenCORE
CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A  ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0473 (Open redirect vulnerability in the web interface in the Rockwell Autom ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0472 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0471 (Cross-site request forgery (CSRF) vulnerability in the HTTP server in  ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0470 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0469 (Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI 1.1 ...)
	NOT-FOR-US: futomi's CGI Cafe
CVE-2009-0468 (Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.htm ...)
	NOT-FOR-US: Profense Web Application Firewall
CVE-2009-0467 (Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web ...)
	NOT-FOR-US: Profense Web Application Firewall
CVE-2009-0466 (Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 all ...)
	NOT-FOR-US: Vivvo CMS
CVE-2009-0465 (The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL ...)
	NOT-FOR-US: Synactis ALL In-The-Box ActiveX 3
CVE-2009-0464 (PHP remote file inclusion vulnerability in includes/header.php in Groo ...)
	NOT-FOR-US: Groone GBook
CVE-2009-0463 (PHP remote file inclusion vulnerability in includes/header.php in Groo ...)
	NOT-FOR-US: Groone GLinks
CVE-2009-0462 (Multiple SQL injection vulnerabilities in customer_login_check.asp in  ...)
	NOT-FOR-US: ClickTech ClickCart
CVE-2009-0461 (Whole Hog Password Protect: Enhanced 1.x allows remote attackers to by ...)
	NOT-FOR-US: Whole Hog Password Protect
CVE-2009-0460 (Whole Hog Ware Support 1.x allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Whole Hog Ware Support
CVE-2009-0459 (Multiple SQL injection vulnerabilities in admin/login_submit.php in Wh ...)
	NOT-FOR-US: Whole Hog Password Protect
CVE-2009-0458 (Multiple SQL injection vulnerabilities in admin/login_submit.php in Wh ...)
	NOT-FOR-US: Whole Hog Ware Support
CVE-2009-0457 (Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow r ...)
	NOT-FOR-US: AJA Portal
CVE-2009-0456 (PHP remote file inclusion vulnerability in examples/example_clientside ...)
	NOT-FOR-US: patForms
CVE-2009-0455 (Cross-site scripting (XSS) vulnerability in the anonymous comments fea ...)
	NOT-FOR-US: glFusion
CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online Notebook Man ...)
	NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain configuration in ...)
	NOT-FOR-US: Online Grades
CVE-2009-0452 (Multiple SQL injection vulnerabilities in parents/login.php in Online  ...)
	NOT-FOR-US: Online Grades
CVE-2009-0451 (SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote attac ...)
	NOT-FOR-US: Skalfa SkaLinks
CVE-2009-0450 (Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier  ...)
	NOT-FOR-US: BlazeVideo
CVE-2009-0449 (Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations  ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-0448 (Directory traversal vulnerability in admin/modules/aa/preview.php in S ...)
	NOT-FOR-US: Syntax Desktop
CVE-2009-0447 (Multiple SQL injection vulnerabilities in default.asp in MyDesign Saya ...)
	NOT-FOR-US: MyDesign Sayac
CVE-2009-0446 (SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remot ...)
	NOT-FOR-US: WEBalbum
CVE-2009-0445 (SQL injection vulnerability in index.php in Dreampics Gallery Builder  ...)
	NOT-FOR-US: Dreampics Gallery Builder
CVE-2009-0444 (Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, whe ...)
	NOT-FOR-US: GRBoard
CVE-2009-0443 (Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows  ...)
	NOT-FOR-US: Elecard AVC HD PLAYER
CVE-2009-0442 (Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and 1 ...)
	NOT-FOR-US: PHPbbBook
CVE-2009-0441 (PHP remote file inclusion vulnerability in skin_shop/standard/2_view_b ...)
	NOT-FOR-US: Technote
CVE-2009-0440 (IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not pro ...)
	NOT-FOR-US: IBM WebSphere Partner Gateway
CVE-2009-0439 (Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0438 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows all ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0437 (The Installation Factory installation process for IBM WebSphere Applic ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0436 (The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x  ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2009-0435 (Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or libi ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0434 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere Ap ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0433 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5. ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0432 (The installation process for the File Transfer servlet in the System M ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard Editio ...)
	NOT-FOR-US: LinksPro
CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids all ...)
	NOT-FOR-US: Active Bids
CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow remote att ...)
	NOT-FOR-US: Active Bids
CVE-2009-0428 (SQL injection vulnerability in CategoryManager/upload_image_category.a ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0427 (SQL injection vulnerability in CategoryManager/upload_image_category.a ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0426 (SQL injection vulnerability in CategoryManager/upload_image_category.a ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and ear ...)
	NOT-FOR-US: Blue Eye CMS
CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook  ...)
	NOT-FOR-US: AN Guestbook
CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album (PHP ...)
	NOT-FOR-US: Php Photo Album
CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in phpLis ...)
	- phplist <itp> (bug #612288)
CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x compo ...)
	NOT-FOR-US: Joomla!
CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
	NOT-FOR-US: Joomla!
CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, Offi ...)
	NOT-FOR-US: Microsoft
CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX  ...)
	NOT-FOR-US: HP HP-UX
CVE-2009-0417 (Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(n ...)
	NOT-FOR-US: Agavi
CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based L ...)
	NOT-FOR-US: sblim-sfcb
CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...)
	- trickle 1.07-6 (bug #513456; low)
	[etch] - trickle <no-dsa> (Minor issue)
CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcu ...)
	- roundcube 0.2~stable-1 (low; bug #514179)
	[lenny] - roundcube <not-affected> (Vulnerable code not present)
CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping Car ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and  ...)
	NOT-FOR-US: Max.Blog
CVE-2009-0408 (Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC 2 ...)
	NOT-FOR-US: osCommerce
CVE-2009-0407 (SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 al ...)
	NOT-FOR-US: PHP-CMS
CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and earl ...)
	NOT-FOR-US: Community CMS
CVE-2009-0405 (SQL injection vulnerability in articles.php in smartSite CMS 1.0 allow ...)
	NOT-FOR-US: smartSite CMS
CVE-2009-0404 (Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics  ...)
	NOT-FOR-US: Bioinformatics htmLawed
CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk Blog ...)
	NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain Techno ...)
	NOT-FOR-US: Domain Technologie Control
CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows remo ...)
	NOT-FOR-US: E-Php CMS
CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial all ...)
	NOT-FOR-US: SocialEngine
CVE-2009-0399 (Chipmunk Blogger Script allows remote attackers to gain administrator  ...)
	NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0398 (Array index error in the gst_qtp_trak_handler function in gst/qtdemux/ ...)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present)
CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in gs ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0396 (The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W88 ...)
	NOT-FOR-US: Sony Ericsson
CVE-2009-0395 (SQL injection vulnerability in the login feature in NetArt Media Car P ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2009-0394 (SQL injection vulnerability in login.php in Pre Lecture Exercises (PLE ...)
	NOT-FOR-US: Pre Lecture Exercises
CVE-2009-0393 (Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wi ...)
	NOT-FOR-US: Motorola Wimax
CVE-2009-0392 (Directory traversal vulnerability in sysconf.cgi in Motorola Wimax mod ...)
	NOT-FOR-US: Motorola Wimax
CVE-2009-0391 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform ...)
	NOT-FOR-US: Enomaly Elastic Computing Platform
CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) A ...)
	NOT-FOR-US: ActiveX
CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...)
	- tightvnc <not-affected> (bug in the windows-specific client connection code)
	NOTE: http://bugs.debian.org/528204
CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in gst/qtdemux ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in gs ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0384 (SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remot ...)
	NOT-FOR-US: OwnRS CMS
CVE-2009-0383 (delete.php in Max.Blog 1.0.6 does not properly restrict access, which  ...)
	NOT-FOR-US: Max.Blog
CVE-2009-0382 (Unspecified vulnerability in Internationalization (i18n) Translation 5 ...)
	- drupal5 <not-affected> (Translation module not packaged)
	- drupal6 <not-affected> (Issue only affects the 5.x branch)
CVE-2009-0381 (SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Ca ...)
	NOT-FOR-US: BazaarBuilder Ecommerce Shopping Cart
CVE-2009-0380
	NOT-FOR-US: Sigsiu Online Business Index
CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess ...)
	NOT-FOR-US: Prince Clan Chess Club
CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the beamospet ...)
	NOT-FOR-US: Joomla!
CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla!
CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10 ...)
	NOT-FOR-US: RealPlayer
CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlaye ...)
	NOT-FOR-US: RealPlayer
CVE-2009-0374
	- chromium-browser <unfixed> (unimportant)
	- webkit <not-affected> (poc doesn't work)
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine Delux ...)
	NOT-FOR-US: Joomla!
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik Mano ...)
	NOT-FOR-US: Miltenovik Manojlo MemHT Portal
CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and  ...)
	NOT-FOR-US: SiteXS CMS
CVE-2009-0370 (Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 al ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0487 (Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows ...)
	- mahara 1.0.9-1 (low)
	[lenny] - mahara 1.0.4-4
CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allo ...)
	{DSA-1732-1}
	- squid 2.7.STABLE3-4.1 (medium; bug #514142)
	- squid3 3.0.STABLE8-3 (medium)
	[etch] - squid <not-affected> (Vulnerable code not present)
CVE-2009-XXXX [glpi sql injection]
	- glpi 0.71.5-1 (bug #513611; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted f ...)
	{DTSA-192-1}
	- audacity 1.3.6-1 (bug #514138)
	[lenny] - audacity 1.3.5-2+lenny1
CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass i ...)
	{DSA-1734-1}
	- opensc 0.11.7-1
	[etch] - opensc <not-affected> (vulnerable code not present)
CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows rem ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an inc ...)
	{DSA-1955-1}
	- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
	- network-manager 0.6.5-1 (medium)
	NOTE: network-manager in lenny not affected, because it is in network-manager-applet
CVE-2009-0364 (Format string vulnerability in the mini_calendar component in Citadel. ...)
	{DSA-1752-1}
	- webcit 7.38b-dfsg-2 (low)
CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1. ...)
	{DTSA-197-1}
	- barnowl 1.0.5-1
	[lenny] - barnowl 1.0.1-4
	- owl 2.2.2-1 (bug #515118)
	[lenny] - owl <no-dsa> (Minor issue)
	[etch] - owl <no-dsa> (Minor issue)
CVE-2009-0362 (filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expre ...)
	- fail2ban 0.8.3-2sid1 (low; bug #514163)
CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in So ...)
	{DSA-1722-1 DSA-1721-1}
	- libpam-heimdal 3.10-2.1 (bug #516695)
	- libpam-krb5 3.13-2
	[lenny] - libpam-krb5 3.11-4
CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, d ...)
	{DSA-1721-1}
	- libpam-krb5 3.13-2
	[lenny] - libpam-krb5 3.11-4
CVE-2009-0359 (Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before ...)
	{DTSA-194-1}
	- samizdat 0.6.2-2
CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) n ...)
	- iceweasel 3.0
	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not proper ...)
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ( ...)
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- kompozer <not-affected> (.desktop file support is not available)
CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox befor ...)
	- iceweasel 3.0.6-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x  ...)
	- iceweasel 3.0
	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunder ...)
	{DSA-1830-1}
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0 ...)
	{DSA-1830-1}
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform al ...)
	- systrace <removed>
CVE-2009-0342 (Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows  ...)
	- systrace <removed>
CVE-2009-0351 (Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remo ...)
	NOT-FOR-US: WinFTP
CVE-2009-0350 (Stack-based buffer overflow in Merak Media Player 3.2 allows remote at ...)
	NOT-FOR-US: Merak Media Player
CVE-2009-0349 (Stack-based buffer overflow in FTPShell Server 4.3 allows user-assiste ...)
	NOT-FOR-US: FTPShell Server
CVE-2009-0348 (The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0347 (Open redirect vulnerability in cs.html in the Autonomy (formerly Verit ...)
	NOT-FOR-US: Autonomy (formerly Verity) Ultraseek search engine
CVE-2009-0346 (The IP-in-IP packet processing implementation in the IPsec and IP stac ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0345 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
	NOT-FOR-US: Embedded Lights Out Manager (ELOM)
CVE-2009-0344 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
	NOT-FOR-US: Embedded Lights Out Manager (ELOM)
CVE-2009-0341 (The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0340 (Multiple directory traversal vulnerabilities in Simple PHP Newsletter  ...)
	NOT-FOR-US: Simple PHP Newsletter
CVE-2009-0339 (SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog ...)
	NOT-FOR-US: DMXReady Blog Manager
CVE-2009-0338 (Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in  ...)
	NOT-FOR-US: DMXReady Blog Manager
CVE-2009-0337 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allow ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0336 (Katy Whitton BlogIt! stores sensitive information under the web root w ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0335 (Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton  ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0334 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allow ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0333 (SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_w ...)
	NOT-FOR-US: Joomla!
CVE-2009-0332 (Multiple SQL injection vulnerabilities in AV Book Library before 1.1 a ...)
	NOT-FOR-US: AV Book Library
CVE-2009-0331 (Directory traversal vulnerability in gallery/comment.php in Enhanced S ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery (ESPG)
CVE-2009-0330 (Directory traversal vulnerability in index.php in Simple Content Manag ...)
	NOT-FOR-US: Simple Content Management System (SCMS)
CVE-2009-0329 (SQL injection vulnerability in the PcCookBook (com_pccookbook) compone ...)
	NOT-FOR-US: Joomla!
CVE-2009-0328 (ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) ...)
	NOT-FOR-US: ROBS-PROJECTS Digital Sales IPN
CVE-2009-0327 (SQL injection vulnerability in readbible.php in Free Bible Search PHP  ...)
	NOT-FOR-US: Free Bible Search PHP Script
CVE-2009-0326 (SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta all ...)
	NOT-FOR-US: Dark Age CMS
CVE-2009-0325 (Directory traversal vulnerability in entries/index.php in Ninja Blog 4 ...)
	NOT-FOR-US: Ninja Blog
CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote at ...)
	NOT-FOR-US: BibCiter
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and  ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote at ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O acti ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun So ...)
	NOT-FOR-US: Solaris
CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in libavfo ...)
	{DSA-1782-1 DSA-1781-1}
	- ffmpeg-debian 0.svn20080206-16 (medium; bug #524799)
	- ffmpeg 0.svn20080206-16
	- xmovie <removed>
	- mplayer 1.0~rc2-14 (medium; bug #524805)
	NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
	NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter  ...)
	{DTSA-190-1}
	- gnumeric 1.8.4-3 (low; bug #513418)
	[etch] - gnumeric 1.6.3-5.1+etch2
CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings fo ...)
	- nautilus-python 0.4.3-3.2 (low; bug #513419)
CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python i ...)
	- vim 2:7.2.025-2 (low; bug #493937)
	[lenny] - vim 1:7.1.314-3+lenny2
	[squeeze] - vim 1:7.1.314-3+lenny2
	[etch] - vim <no-dsa> (Minor issue)
	NOTE: Not included in this round, could be fixed via next DSA with other issues
CVE-2009-0315 (Untrusted search path vulnerability in the Python module in xchat allo ...)
	- xchat 2.8.6-2.1 (low; bug #513509)
	[etch] - xchat <no-dsa> (Minor issue)
CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit allo ...)
	{DTSA-191-1}
	- gedit 2.22.3-2 (low; bug #513513)
	[etch] - gedit <no-dsa> (Minor issue)
CVE-2009-0313 (winetricks before 20081223 allows local users to overwrite arbitrary f ...)
	NOT-FOR-US: winetricks
CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2  ...)
	NOT-FOR-US: EMC AutoStart
CVE-2009-0310 (Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through ...)
	NOT-FOR-US: SuSE blinux
CVE-2009-0309
	RESERVED
CVE-2009-0308
	RESERVED
CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the "Customize Statistics  ...)
	NOT-FOR-US: Motion (RIM) BlackBerry Enterprise Server
CVE-2009-0306 (Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in  ...)
	NOT-FOR-US: IBM Lotus Notes Intellisync ActiveX
CVE-2009-0305 (Multiple stack-based buffer overflows in the Research in Motion RIM Ax ...)
	NOT-FOR-US: ActiveX
CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before s ...)
	NOT-FOR-US: Solaris
CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.1 ...)
	NOT-FOR-US: Web Help Desk
CVE-2009-0302 (SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2009-0301 (Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX  ...)
	NOT-FOR-US: FlexCell Grid Control
CVE-2009-0300
	REJECTED
CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows r ...)
	NOT-FOR-US: Groone GLinks
CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...)
	NOT-FOR-US: MW6 Technologies Barcode
CVE-2009-0297 (SQL injection vulnerability in login_check.asp in ClickAuction allows  ...)
	NOT-FOR-US: ClickAuction
CVE-2009-0296 (SQL injection vulnerability in shop_display_products.php in Script Tok ...)
	NOT-FOR-US: Script Toko Online
CVE-2009-0295 (SQL injection vulnerability in index.php in Information Technology Lig ...)
	NOT-FOR-US: ITLPoll
CVE-2009-0294 (Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, w ...)
	NOT-FOR-US: WB News
CVE-2009-0293 (SQL injection vulnerability in profile_view.php in Wazzum Dating Softw ...)
	NOT-FOR-US: Wazzum Dating Software
CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows rem ...)
	NOT-FOR-US: SHOP-INET
CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remo ...)
	- openx <itp> (bug #513771)
CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.0 ...)
	NOT-FOR-US: GNU Board
CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...)
	NOT-FOR-US: k23productions TFTPUtil GUI
CVE-2009-0288 (Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 ...)
	NOT-FOR-US: k23productions TFTPUtil GUI
CVE-2009-0287 (SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before  ...)
	NOT-FOR-US: KEEP Toolkit
CVE-2009-0286 (Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, ...)
	NOT-FOR-US: OpenGoo
CVE-2009-0285 (Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 an ...)
	NOT-FOR-US: BBSXP
CVE-2009-0284 (SQL injection vulnerability in category.php in Flax Article Manager 1. ...)
	NOT-FOR-US: Flax Article Manager
CVE-2009-0283 (Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows re ...)
	NOT-FOR-US: Oblog
CVE-2009-0281 (SQL injection vulnerability in login.aspx in WarHound Walking Club all ...)
	NOT-FOR-US: WarHound Walking Club
CVE-2009-0280 (Asp Project Management 1.0 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Asp Project Management
CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ea ...)
	NOT-FOR-US: Pardal CMS
CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 an ...)
	- amaya <removed> (medium; bug #507587)
	NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows
CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...)
	{DSA-1714-1 DSA-1713-1 DSA-1712-1}
	- rt2400 1.2.2+cvs20080623-3 (bug #512999)
	- rt2500 1:1.1.0-b4+cvs20080623-3 (bug #513000)
	- rt2570 1.1.0+cvs20080623-2 (bug #513001)
	- rt73 1:1.0.3.6-cvs20080623-dfsg1-3 (bug #512995)
CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam feature (secu ...)
	{DSA-1715-1 DTSA-187-1}
	- moin 1.8.1-1.1 (low)
	NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google Chrom ...)
	- chromium-browser <not-affected> (only 1.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, 7 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWis ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise We ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel befo ...)
	{DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
	- linux-2.6.24 <removed>
CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not prop ...)
	- bind9 <not-affected> (vulnerable code not present, introduced in 9.6.x)
CVE-2009-0278 (Sun Java System Application Server (AS) 8.1 and 8.2 allows remote atta ...)
	NOT-FOR-US: Sun Java System Application Server (AS)
CVE-2009-0277 (Unspecified vulnerability in the kernel in OpenSolaris snv_100 through ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-0275 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy  ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0271 (Directory traversal vulnerability in the TFTP service in Fujitsu Syste ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0270 (Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWiz ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0268 (Race condition in the pseudo-terminal (aka pty) driver module in Sun S ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0267 (libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does n ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0266 (Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows u ...)
	NOT-FOR-US: Triologic Media Player
CVE-2009-0264 (Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWiza ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0263 (Multiple buffer overflows in Winamp 5.541 and earlier allow remote att ...)
	NOT-FOR-US: Winamp
CVE-2009-0262 (Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 al ...)
	NOT-FOR-US: Triologic Media Player
CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 al ...)
	NOT-FOR-US: EffectMatrix Total Video Player
CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFi ...)
	{DSA-1715-1 DTSA-187-1}
	- moin 1.8.1-1.1 (bug #513158; low)
CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote ...)
	- openoffice.org 2.0.4.dfsg.2-7
	NOTE: Checked with maintainer and issue was fixed long ago, marking etch version as fixed for now
CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
	NOT-FOR-US: easyHDR PRO
CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into vis ...)
	NOTE: Mozilla #474967, upstream disputes this being a bug
CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb e ...)
	NOT-FOR-US: Enthrallweb eReservations
CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy  ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0250 (Ryneezy phoSheezy 0.2 stores sensitive information under the web root  ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0249 (Katy Whitton RankEm stores sensitive information under the web root wi ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2009-0248 (Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2009-0247 (The server for 53KF Web IM 2009 Home, Professional, and Enterprise edi ...)
	NOT-FOR-US: 53KF Web IM
CVE-2009-0246 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
	NOT-FOR-US: easyHDR PRO
CVE-2009-0414 (Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impac ...)
	- tor 0.2.0.33-1
CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...)
	NOT-FOR-US: Usagi Project MyNETS
CVE-2009-0244 (Directory traversal vulnerability in the OBEX FTP Service in the Micro ...)
	NOT-FOR-US: Microsoft product
CVE-2009-0243 (Microsoft Windows does not properly enforce the Autorun and NoDriveTyp ...)
	NOT-FOR-US: Microsoft product
CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0  ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3  ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 thr ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 4 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0242
	REJECTED
CVE-2009-0241 (Stack-based buffer overflow in the process_path function in gmetad/ser ...)
	{DSA-1710-1}
	- ganglia-monitor-core 2.5.7-5 (medium; bug #512637)
CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN aut ...)
	{DSA-1725-1}
	- websvn 2.0-4+lenny1 (bug #512191)
	[etch] - websvn <not-affected> (authenthication doesn't exist in that version)
CVE-2009-0239 (Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Mic ...)
	NOT-FOR-US: Microsoft
CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Exc ...)
	NOT-FOR-US: Microsoft
CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2009-0236
	REJECTED
CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad i ...)
	NOT-FOR-US: Microsoft WordPad
CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0232 (Integer overflow in the Embedded OpenType (EOT) Font Engine in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0231 (The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0229 (The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-0228 (Stack-based buffer overflow in the EnumeratePrintShares function in Wi ...)
	NOT-FOR-US: Microsoft
CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (P ...)
	NOT-FOR-US: Microsoft
CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in ...)
	NOT-FOR-US: Microsoft
CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft
CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows re ...)
	NOT-FOR-US: Microsoft
CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0 importer ( ...)
	NOT-FOR-US: Microsoft
CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion (RIM ...)
	NOT-FOR-US: BlackBerry
CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch Applica ...)
	NOT-FOR-US: IntraLaunch Application Launcher ActiveX control
CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) re ...)
	{DSA-1995-1 DSA-1849-1 DTSA-205-1}
	- xml-security-c 1.4.0-4
	- xmlsec1 1.2.12-1
	[lenny] - xmlsec1 <no-dsa> (Minor issue)
	- mono 2.4.2.3+dfsg-1
	NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
	NOTE: http://web.archive.org/web/20090124230233/http://anonsvn.mono-project.com:80/viewvc?view=rev
	NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
	- openoffice.org 1:3.1.1-16
CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication inv ...)
	NOT-FOR-US: GE Fanuc iFIX
CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM Acces ...)
	NOT-FOR-US: IBM Access Support ActiveX
CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA e-te ...)
	NOT-FOR-US: WebFGServer
CVE-2009-0213 (Unspecified vulnerability in the NETIO application in AREVA e-terrahab ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0212 (Unspecified vulnerability in the WebFGServer application in AREVA e-te ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0211 (Unspecified vulnerability in the WebFGServer application in AREVA e-te ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0209 (PI Server in OSIsoft PI System before 3.4.380.x does not properly use  ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, whe ...)
	NOT-FOR-US: HP Virtual Rooms Client
CVE-2009-0207 (Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk ...)
	NOT-FOR-US: VERITAS Oracle Disk Manager
CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier  ...)
	NOT-FOR-US: HP ONCplus
CVE-2009-0205
	RESERVED
CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6 ...)
	NOT-FOR-US: HP Select Access
CVE-2009-0203
	RESERVED
CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and St ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/ ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMwa ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and A ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView allow ...)
	NOT-FOR-US: IrfanView
CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function (jb ...)
	{DSA-2080-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
	- jbig2dec <not-affected> (already fixed in initial upload)
CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, an ...)
	{DSA-1790-1}
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
CVE-2009-0194 (The domain-locking implementation in the GARMINAXCONTROL.GarminAxContr ...)
	NOT-FOR-US: Garmin Communicator Plug-In
CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 bef ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, includin ...)
	NOT-FOR-US: Foxit Reader
CVE-2009-0190
	REJECTED
CVE-2009-0189
	REJECTED
CVE-2009-0188 (Apple QuickTime before 7.6.2 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and p ...)
	NOT-FOR-US: Orbit Downloader
CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other pro ...)
	{DSA-1742-1 DTSA-202-1}
	- libsndfile 1.0.19-1 (medium)
CVE-2009-0185 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in Fre ...)
	NOT-FOR-US: Free Download Manager
CVE-2009-0183 (Stack-based buffer overflow in Remote Control Server in Free Download  ...)
	NOT-FOR-US: Free Download Manager
CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted atta ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an  ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0180 (Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on Fedor ...)
	NOT-FOR-US: Fedora specific issue
CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other p ...)
	- libmikmod 3.1.11-6.1 (low; bug #476339)
	[etch] - libmikmod <no-dsa> (Minor issue)
	[lenny] - libmikmod <no-dsa> (Minor issue)
CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 r ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd. ...)
	NOT-FOR-US: vmware-authd
CVE-2009-0176 (Multiple heap-based buffer overflows in the PDF distiller in the Attac ...)
	NOT-FOR-US: Attachment Service in Research in Motion
CVE-2009-0175 (Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 allo ...)
	NOT-FOR-US: Heathco Software MP3 TrackMaker
CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers t ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-0172 (Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a,  ...)
	NOT-FOR-US: IBM DB2 9.1
CVE-2009-0171 (The Sun SPARC Enterprise M4000 and M5000 Server, within a certain rang ...)
	NOT-FOR-US: Sun SPARC Enterprise M4000 and M5000 Server
CVE-2009-0170 (Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows re ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0169 (Sun Java System Access Manager 7.1 allows remote authenticated sub-rea ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0168 (Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris  ...)
	NOT-FOR-US: ppdmgr in Sun Solaris 10 and OpenSolaris
CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as  ...)
	{DSA-1793-1 DSA-1790-1}
	- xpdf 3.02-1.4+lenny1 (low; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (low; bug #528369)
CVE-2009-0164 (The web interface for CUPS before 1.3.10 does not validate the HTTP Ho ...)
	- cups 1.3.10-1 (low)
	[lenny] - cups <no-dsa> (Minor issue, needs several prerequirements for attack)
	- cupsys <removed>
	[etch] - cupsys <no-dsa> (Minor issue, needs several prerequirements for attack)
CVE-2009-0163 (Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and ...)
	{DSA-1773-1}
	- cups 1.3.10-1
	- cupsys <removed>
CVE-2009-0162 (Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 ...)
	NOT-FOR-US: Safari
CVE-2009-0161 (The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 ...)
	NOT-FOR-US: Mac OS X
	NOTE: dupe of CVE-2009-0642
CVE-2009-0160 (QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 all ...)
	NOT-FOR-US: QuickDraw Manager
CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...)
	{DSA-1801-1}
	- ntp 1:4.2.4p6+dfsg-2 (low; bug #525373)
CVE-2009-0158 (Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10 ...)
	NOT-FOR-US: telnet in Apple Mac OS X
CVE-2009-0157 (Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before  ...)
	NOT-FOR-US: CFNetwork in Apple
CVE-2009-0156 (Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allow ...)
	NOT-FOR-US: Launch Services in Apple Mac OS
CVE-2009-0155 (Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7 ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS
CVE-2009-0154 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Type Services
CVE-2009-0153 (International Components for Unicode (ICU) 4.0, 3.6, and other 3.x ver ...)
	{DSA-1889-1}
	- icu 4.0.1-1 (low; bug #534590)
CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instan ...)
	NOT-FOR-US: iChat in Apple Mac OS X
CVE-2009-0151 (The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not ...)
	NOT-FOR-US: screen saver in Dock in Apple Mac OS X
CVE-2009-0150 (Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0149 (Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to ga ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote attacker ...)
	{DSA-1806-1}
	- cscope 15.7a-1 (low; bug #528510)
CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ea ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (low; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ear ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone  ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
CVE-2009-0144 (CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse ...)
	NOT-FOR-US: CFNetwork in Apple Mac OS X
CVE-2009-0143 (Apple iTunes before 8.1 does not properly inform the user about the or ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0142 (Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local use ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0141 (XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creat ...)
	NOT-FOR-US: XTerm in Apple Mac OS X
CVE-2009-0140 (Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0139 (Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0138 (servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0137 (Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0134 (Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX contro ...)
	NOT-FOR-US: EasyGrid.SGCtrl.32 ActiveX control
CVE-2009-0135 (Multiple integer overflows in the Audible::Tag::readTag function in me ...)
	{DSA-1706-1}
	- amarok 1.4.10-2 (medium)
CVE-2009-0136 (Multiple array index errors in the Audible::Tag::readTag function in m ...)
	{DSA-1706-1}
	- amarok 1.4.10-2 (medium)
CVE-2009-0133 (Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allow ...)
	NOT-FOR-US: Microsoft HTML Help Workshop
CVE-2009-0132 (Integer overflow in the aio_suspend function in Sun Solaris 8 through  ...)
	NOT-FOR-US: Solaris
CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 through ...)
	NOT-FOR-US: UFS in OpenSolaris
CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not proper ...)
	- erlang <unfixed> (unimportant; bug #511520)
	NOTE: the return value is passed to the caller (lib/crypto/src/crypto.erl) which
	NOTE: only return success in case of DSA_do_verify returning 1 and failure otherwise
	NOTE: this is likely to be rejected
CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value fro ...)
	- libcrypt-openssl-dsa-perl 0.13-4 (bug #511519)
CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Re ...)
	{DTSA-185-1}
	- slurm-llnl 1.3.13-1 (bug #511511)
CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from  ...)
	- m2crypto <unfixed> (bug #511515; unimportant)
	NOTE: m2crypto provides a direct mapping of the OpenSSL functions, no incorrect
	NOTE: call sites are known, if such are found they should be fixed in the respective
	NOTE: applications
CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...)
	{DSA-1718-1}
	- boinc 6.2.14-3 (bug #511521)
CVE-2009-0125
	- libnasl <removed> (unimportant; bug #511517)
CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radi ...)
	- tqsllib 2.0-8 (low; bug #511509)
	[etch] - tqsllib <no-dsa> (Minor issue)
CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8. ...)
	- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
CVE-2009-XXXX [unspecified multiple Drupal vulnerabilies, likely some overlap with the next temp entry]
	- drupal6 6.6-3
CVE-2009-XXXX [unspecified Drupal SQL injection]
	- drupal5 5.15-1
CVE-2009-0121 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allow ...)
	NOT-FOR-US: Goople CMS
CVE-2009-0120 (The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3. ...)
	NOT-FOR-US: Web Sphere
CVE-2009-0119 (Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2009-0118
	RESERVED
CVE-2009-0117
	RESERVED
CVE-2009-0116
	RESERVED
CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or device-m ...)
	{DSA-1767-1}
	- multipath-tools 0.4.8-15 (low; bug #522813)
CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
	- openslp-dfsg <not-affected> (Debian's openslp doesn't build with SSL support)
CVE-2009-0114 (Unspecified vulnerability in the Settings Manager in Adobe Flash Playe ...)
	NOT-FOR-US: Flash
CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in the XSta ...)
	NOT-FOR-US: Joomla! component
CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.as ...)
	NOT-FOR-US: PollPro
CVE-2009-0111 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and e ...)
	NOT-FOR-US: Goople CMS
CVE-2009-0110 (SQL injection vulnerability in read.php in RiotPix 0.61 and earlier al ...)
	NOT-FOR-US: RiotPix
CVE-2009-0109 (SQL injection vulnerability in index.php in RiotPix 0.61 and earlier a ...)
	NOT-FOR-US: RiotPix
CVE-2009-0108 (PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass a ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0107 (Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0106 (SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuct ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0105 (Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2  ...)
	NOT-FOR-US: EZpack
CVE-2009-0104 (SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote ...)
	NOT-FOR-US: EZpack
CVE-2009-0103 (Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 al ...)
	NOT-FOR-US: playSMS
CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3,  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0101
	REJECTED
CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Exc ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32) provide ...)
	NOT-FOR-US: Microsoft
CVE-2009-0098 (Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exch ...)
	NOT-FOR-US: Microsoft
CVE-2009-0097 (Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validat ...)
	NOT-FOR-US: Microsoft
CVE-2009-0096 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2009-0094 (The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0093 (Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0092
	REJECTED
CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enfor ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not proper ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft  ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-0087 (Unspecified vulnerability in the Word 6 text converter in WordPad in M ...)
	NOT-FOR-US: Microsoft Word
CVE-2009-0086 (Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 an ...)
	NOT-FOR-US: DirectX
CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0082 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0081 (The graphics device interface (GDI) implementation in the kernel in Mi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0080 (The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, d ...)
	NOT-FOR-US: Windows Vista
CVE-2009-0079 (The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003  ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-0078 (The Windows Management Instrumentation (WMI) provider in Microsoft Win ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway,  ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used, allows  ...)
	NOT-FOR-US: Microsoft
CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors during a ...)
	NOT-FOR-US: Microsoft
CVE-2009-0074
	REJECTED
CVE-2009-0073
	REJECTED
CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attack ...)
	NOT-FOR-US: Internet Explorer
CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is e ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to re ...)
	NOT-FOR-US: Apple Safari
CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh function in  ...)
	NOT-FOR-US: Solaris
CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to execute arbit ...)
	- xdg-utils <not-affected> (xdg-open is not added to mailcap)
CVE-2009-0067
	RESERVED
CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for Trus ...)
	NOT-FOR-US: Intel system software for TXT
CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Trans ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in Symantec ...)
	NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0063 (Cross-site scripting (XSS) vulnerability in the Control Center in Syma ...)
	NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC),  ...)
	NOT-FOR-US: Cisco
CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC dr ...)
	NOT-FOR-US: Cisco
CVE-2009-0060
	RESERVED
CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless  ...)
	NOT-FOR-US: Cisco
CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless  ...)
	NOT-FOR-US: Cisco
CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco Unifi ...)
	NOT-FOR-US: Cisco
CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration  ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0055 (Cross-site request forgery (CSRF) vulnerability in the administration  ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0054 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2 ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2 ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access  ...)
	NOT-FOR-US: Netgear WNDAP330 Access Point
CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from th ...)
	NOT-FOR-US: ZXID
CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from  ...)
	{DSA-1700-1}
	- lasso 2.2.1-2 (bug #511262)
CVE-2009-0049 (Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly ch ...)
	{DSA-1946-1}
	- belpic 2.6.0-6 (bug #511261)
CVE-2009-0048 (OpenEvidence 1.0.6 and earlier does not properly check the return valu ...)
	NOT-FOR-US: OpenEvidence
CVE-2009-0047 (Gale 0.99 and earlier does not properly check the return value from th ...)
	NOT-FOR-US: Gale
CVE-2009-0046 (Sun GridEngine 5.3 and earlier does not properly check the return valu ...)
	NOT-FOR-US: Sun GridEngine
CVE-2009-0045
	RESERVED
CVE-2009-0044
	RESERVED
CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 ...)
	NOT-FOR-US: CA Service Metric Analysis r11.0 through r11.1 SP1 and Service
CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library (arclib.dll ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23- ...)
	{DSA-1952-1}
	- asterisk 1:1.6.1.0~dfsg~rc3-1 (low; bug #513413)
	[lenny] - asterisk <no-dsa> (Minor issue)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...)
	{DSA-1830-1 DSA-1750-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- libpng 1.2.35-1 (bug #516256)
CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	- geronimo <itp> (bug #481869)
CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web adminis ...)
	- geronimo <itp> (bug #481869)
CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, w ...)
	{DSA-1738-1}
	- curl 7.18.2-8.1 (bug #518423)
CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in proxy/libvirt ...)
	- libvirt 0.5.1-7 (unimportant)
	NOTE: not building libvirt proxy from libvirt source package
CVE-2009-0035 (alsa-utils 1.0.19 and later versions allows local users to overwrite a ...)
	- alsa-driver 1.0.20-1 (unimportant)
	NOTE: alsainfo not built into source package
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret  ...)
	- sudo 1.6.9p17-2 (medium)
	[etch] - sudo <not-affected> (Vulnerable code not present)
CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 th ...)
	{DSA-2207-1}
	- tomcat6 6.0.28-1
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (medium; bug #532363)
	- tomcat5.5 <removed> (medium; bug #532366)
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3 ...)
	NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function (security/keys ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
	- squirrelmail <not-affected> (RedHat-specific regression)
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (medium; bug #536147)
	- linux-2.6.24 <removed>
CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows lo ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application Platfor ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabb ...)
	NOT-FOR-US: Apache Jackrabbit
CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check t ...)
	{DSA-1703-1}
	- bind9 1:9.5.1.dfsg.P1-1 (low; bug #511936)
	NOTE: unlike the advisory states it is DSA_do_verify not DSA_verify
	NOTE: low severity because it is believed hard to trigger and only
	NOTE: affects DNSSEC with DSA, which is supposedly rarely used.
CVE-2009-0024 (The sys_remap_file_pages function in mm/fremap.c in the Linux kernel b ...)
	- linux-2.6 2.6.24-4
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23)
	NOTE: Fixed in 2.6.24 before initial upload
CVE-2009-0023 (The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apa ...)
	{DSA-1812-1}
	- apr-util 1.3.7+dfsg-1
CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows re ...)
	- samba 2:3.2.5-3
	[etch] - samba <not-affected> (Only 3.2.x affected)
CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly  ...)
	{DSA-1702-1}
	- ntp 1:4.2.4p4+dfsg-8
CVE-2009-0020 (Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0019 (Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0018 (The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 do ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0017 (csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0016 (Apple iTunes before 8.1 on Windows allows remote attackers to cause a  ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0015 (Unspecified vulnerability in fseventsd in the FSEvents framework in Ap ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0014 (Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0013 (dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that pa ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0012 (Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0011 (Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to o ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0010 (Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 1 ...)
	NOT-FOR-US: QuickDraw Manager in Apple Mac OS X
CVE-2009-0009 (Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.1 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0008 (Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0006 (Integer signedness error in Apple QuickTime before 7.6 allows remote a ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0005 (Unspecified vulnerability in Apple QuickTime before 7.6 allows remote  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0004 (Buffer overflow in Apple QuickTime before 7.6 allows remote attackers  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
